Package: libtolua++5.1-dev
Version: 1.0.93-1
Severity: normal

If a *.pkg file declares a function with a variable-size array
parameter, then the C++ stub generated by tolua++ allocates
the array with the Mtolua_new_dim macro, copies the contents
of the corresponding Lua table there, passes the array to the
C++ function, copies any modified contents back to the Lua
table, and frees the array with the Mtolua_delete_dim macro.
By default, these macros use the new[] and delete[] operators.

However, if the Lua table contains values that cannot be
converted to the element type of the C++ array, then the stub
notices this after it has allocated the array, and it calls
tolua_error, which indirectly calls longjmp and never returns.
The array is never freed in this case; that is a memory leak.
Because of the type mismatch error, the stub doesn't even call
the wrapped C++ function, so tolua++ cannot claim the bug is
in that function.
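
The allocate-then-convert sequence described above, as an added example that is not part of this bug report or of tolua++: the stub models below (LuaValue, new_dim/delete_dim, raise_error, protected_call, stub_leaky, stub_fixed and the counters) are stand-ins written for this illustration, with a constructed one-element table mirroring the {'not a number'} argument. The leaky stub reproduces the order the report describes and leaves one array behind per failed call; the fixed stub releases the array before handing control to the non-returning error path.

```cpp
#include <csetjmp>
#include <cstddef>
#include <vector>

// Stand-ins (assumptions for this example, not tolua++'s own code): LuaValue is a
// Lua table element, raise_error plays tolua_error, protected_call plays
// lua_cpcall, new_dim/delete_dim play Mtolua_new_dim/Mtolua_delete_dim with
// their default new[]/delete[] definitions.
struct LuaValue {
    bool is_number;   // false models the 'not a number' string element
    double number;
};

typedef void (*Stub)(const std::vector<LuaValue> &);

static std::jmp_buf g_error_jmp;   // recovery point of the protected call
static long g_live_arrays = 0;     // arrays allocated by new_dim and not yet freed

static int *new_dim(std::size_t len) {
    ++g_live_arrays;
    return new int[len];
}

static void delete_dim(int *array) {
    --g_live_arrays;
    delete[] array;
}

// Like tolua_error -> lua_error, this never returns: it longjmps to the protected
// call. longjmp does not run C++ destructors of the frames it skips, so wrapping
// the array in an RAII object would not prevent the leak either.
[[noreturn]] static void raise_error(const char *) {
    std::longjmp(g_error_jmp, 1);
}

// The wrapped C++ function, as in leak.pkg.
static void func(int, int *) {}

// Leaky stub: allocates first, then discovers the bad element, so the array is
// abandoned when raise_error unwinds (the order the report describes).
static void stub_leaky(const std::vector<LuaValue> &table) {
    int *array = new_dim(table.size());
    for (std::size_t i = 0; i < table.size(); ++i) {
        if (!table[i].is_number)
            raise_error("array element is not a number");   // array never freed
        array[i] = static_cast<int>(table[i].number);
    }
    func(static_cast<int>(table.size()), array);
    delete_dim(array);
}

// Fixed stub: same sequence, but the array is released before raising.
static void stub_fixed(const std::vector<LuaValue> &table) {
    int *array = new_dim(table.size());
    for (std::size_t i = 0; i < table.size(); ++i) {
        if (!table[i].is_number) {
            delete_dim(array);
            raise_error("array element is not a number");
        }
        array[i] = static_cast<int>(table[i].number);
    }
    func(static_cast<int>(table.size()), array);
    delete_dim(array);
}

// Stand-in for lua_cpcall: true if the stub returned, false if it raised.
static bool protected_call(Stub stub, const std::vector<LuaValue> &table) {
    if (setjmp(g_error_jmp) == 0) {
        stub(table);
        return true;
    }
    return false;
}

// Call a stub `calls` times with a constructed one-element table holding a
// non-number and return how many arrays are still outstanding afterwards,
// i.e. the count valgrind reports as "definitely lost" blocks.
static long arrays_leaked_after(Stub stub, int calls) {
    g_live_arrays = 0;
    std::vector<LuaValue> bad_table;
    LuaValue not_a_number = {false, 0.0};
    bad_table.push_back(not_a_number);
    for (int i = 0; i < calls; ++i)
        protected_call(stub, bad_table);
    return g_live_arrays;
}

// A stub must still accept a well-formed table and free its array afterwards.
static bool accepts_good_table(Stub stub) {
    g_live_arrays = 0;
    std::vector<LuaValue> good_table;
    LuaValue seven = {true, 7.0};
    good_table.push_back(seven);
    return protected_call(stub, good_table) && g_live_arrays == 0;
}

int main() {
    // Stand-alone run: exit status 0 means the leaky stub lost one array per
    // failed call and the fixed stub lost none.
    return (arrays_leaked_after(stub_leaky, 10000) == 10000 &&
            arrays_leaked_after(stub_fixed, 10000) == 0 &&
            accepts_good_table(stub_fixed)) ? 0 : 1;
}
```

The point the model makes explicit is that the error path is a longjmp, not a C++ exception: any cleanup has to happen before tolua_error is called (as stub_fixed does), or the allocation has to be owned by something Lua's garbage collector will reclaim. Validating every element of the table before allocating would be an equally valid ordering.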

Here is a program that triggers the bug:

leak.cpp:

#include <cassert>
#include <tolua++.h>
#include "leak-tolua.h"

static int
bad_call(lua_State *state)
{
        int ret = luaL_loadstring(state, "func(42, {'not a number'})"); /* compile only */
        assert(ret == 0);

        lua_call(state, 0, 0); /* the generated stub raises here: element 1 is not a number */
        return 0;
}

int
main(void)
{
        lua_State *state = luaL_newstate();
        assert(state != NULL);

        int openok = tolua_leak_open(state);
        assert(openok == 1);

        for (int i = 0; i < 10000; ++i)
        {
                int ret = lua_cpcall(state, bad_call, NULL); /* catches the error raised in the stub */
                assert(ret == LUA_ERRRUN);
                lua_pop(state, 1); /* drop the error message */
        }

        lua_close(state);
        return 0;
}
leak.pkg:

$void func(int len, int array[]) {}

void func(int len, int array[len]);
Makefile:

TOLUAXX = tolua++5.1
CPPFLAGS = -I/usr/include/lua5.1
CXXFLAGS = -ggdb -Wall

leak: leak.cpp leak-tolua.cpp leak-tolua.h
	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -o leak leak.cpp leak-tolua.cpp \
		-ltolua++5.1 -llua5.1

leak-tolua.cpp leak-tolua.h: leak.pkg
	$(TOLUAXX) -o leak-tolua.cpp -H leak-tolua.h leak.pkg

.PHONY: clean
clean:
	$(RM) leak leak-tolua.cpp leak-tolua.h
Valgrind output for ./leak:

==32489== Memcheck, a memory error detector
==32489== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==32489== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==32489== Command: ./leak
==32489== 
==32489== 
==32489== HEAP SUMMARY:
==32489==     in use at exit: 1,680,000 bytes in 10,000 blocks
==32489==   total heap usage: 201,998 allocs, 191,998 frees, 11,571,386 bytes allocated
==32489== 
==32489== 1,680,000 bytes in 10,000 blocks are definitely lost in loss record 1 of 1
==32489==    at 0x4C24A72: operator new[](unsigned long) (vg_replace_malloc.c:305)
==32489==    by 0x401C67: tolua_leak_func00(lua_State*) (leak-tolua.cpp:40)
==32489==    by 0x4E35A55: luaD_precall (ldo.c:319)
==32489==    by 0x4E40810: luaV_execute (lvm.c:587)
==32489==    by 0x4E35FC4: luaD_call (ldo.c:377)
==32489==    by 0x4E31305: lua_call (lapi.c:782)
==32489==    by 0x401AC8: bad_call(lua_State*) (leak.cpp:11)
==32489==    by 0x4E35A55: luaD_precall (ldo.c:319)
==32489==    by 0x4E35F68: luaD_call (ldo.c:376)
==32489==    by 0x4E35646: luaD_rawrunprotected (ldo.c:116)
==32489==    by 0x4E356C4: luaD_pcall (ldo.c:463)
==32489==    by 0x4E310B6: lua_cpcall (lapi.c:856)
==32489== 
==32489== LEAK SUMMARY:
==32489==    definitely lost: 1,680,000 bytes in 10,000 blocks
==32489==    indirectly lost: 0 bytes in 0 blocks
==32489==      possibly lost: 0 bytes in 0 blocks
==32489==    still reachable: 0 bytes in 0 blocks
==32489==         suppressed: 0 bytes in 0 blocks
==32489== 
==32489== For counts of detected and suppressed errors, rerun with: -v
==32489== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libtolua++5.1-dev depends on:
ii  libc6                         2.11.2-10  Embedded GNU C Library: Shared lib
ii  liblua5.1-0                   5.1.4-5    Simple, extensible, embeddable pro
ii  liblua5.1-0-dev [liblua5.1-de 5.1.4-5    Simple, extensible, embeddable pro

libtolua++5.1-dev recommends no packages.

libtolua++5.1-dev suggests no packages.

-- no debconf information
