Hi Tim,

Thanks for the patch. You got it! (and I discovered the --scissors :-) )

Willy,

You can apply the patch in attachment. This patch should be backported to 1.8. (1.6 and 1.7 are not impacted by the bug). The backport is simple.

BR,
Thierry
0001-BUG-MEDIUM-lua-Fix-segmentation-fault-if-a-Lua-task-.patch
> On 24 Apr 2018, at 13:56, Tim Duesterhus <t...@bastelstu.be> wrote: > > Pieter, > > try the attached patch, please. > > Apply with `git am --scissors` to automatically cut the commit message. > -- >8 -- > Subject: [PATCH] BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits > > PiBa-NL reported that haproxy crashes with a segmentation fault > if a function registered using `core.register_task` returns. > > An example Lua script that reproduces the bug is: > > mytask = function() > core.Info("Stopping task") > end > core.register_task(mytask) > > The Valgrind output is as follows: > > ==6759== Process terminating with default action of signal 11 (SIGSEGV) > ==6759== Access not within mapped region at address 0x20 > ==6759== at 0x5B60AA9: lua_sethook (in > /usr/lib/x86_64-linux-gnu/liblua5.3.so.0.0.0) > ==6759== by 0x430264: hlua_ctx_resume (hlua.c:1009) > ==6759== by 0x43BB68: hlua_process_task (hlua.c:5525) > ==6759== by 0x4FED0A: process_runnable_tasks (task.c:231) > ==6759== by 0x4B2256: run_poll_loop (haproxy.c:2397) > ==6759== by 0x4B2256: run_thread_poll_loop (haproxy.c:2459) > ==6759== by 0x41A7E4: main (haproxy.c:3049) > > Add the missing `task = NULL` for the `HLUA_E_OK` case. The error cases > have been fixed as of 253e53e661c49fb9723535319cf511152bf09bc7 which > first was included in haproxy v1.8-dev3. This bugfix should be backported > to haproxy 1.8. > --- > src/hlua.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/src/hlua.c b/src/hlua.c > index aeb0e2d4..5c265d16 100644 > --- a/src/hlua.c > +++ b/src/hlua.c > @@ -5530,6 +5530,7 @@ static struct task *hlua_process_task(struct task *task) > hlua_ctx_destroy(hlua); > task_delete(task); > task_free(task); > + task = NULL; > break; > > case HLUA_E_AGAIN: /* co process or timeout wake me later. */ > -- > 2.17.0 >
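Review bot: the added `task = NULL;` in the `HLUA_E_OK` branch of `hlua_process_task` has no comment saying why it is needed after `task_free(task)`, and the commit message shows this same assignment was already missed once, when the error cases were fixed in 253e53e661c49fb9723535319cf511152bf09bc7 but this branch was not. Since the function is declared as returning `struct task *`, a one-line comment next to the assignment stating that the freed task must not be handed back to the caller would make the intent explicit. The teardown sequence `hlua_ctx_destroy(hlua); task_delete(task); task_free(task); task = NULL;` now appears in more than one case, so moving it into a small helper would keep a future branch from forgetting the last step. The Lua reproducer in the commit message (a function registered with `core.register_task` that simply returns) is short enough to keep as a regression test alongside the fix.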