On Fri, Jun 17, 2011 at 11:56:47PM -0400, Ted Unangst wrote:
> Somewhere in Lua, even the parser possibly, there is memory
> corruption. One of my scripts started giving very strange errors
> shortly after an edit. Sometimes the errors were even different.
> Delete the new lines, all is well. Add back dummy lines that don't do
> anything, crashes. The crashes in fact occur before the changed
> function is even called, but after it is parsed. Perhaps I should
> explain what a strange error is. "script.lua:-1882717303: 'for'
> initial value must be a number" is a strange error to me.
>
> I was able to get consistent bizarre errors by changing getrnibble in
> malloc.c to always return 0. Not random, but still bizarre.
>
> Alas, I am unable to reduce or reproduce the errors except by
> modifying a few lines of a particular function. I have lots of other
> Lua code working successfully. Useless as all this may be, I figured
> it's worth reporting in case anybody sees anything like it. Haven't
> reported it to the Lua people, either, until there's something they
> could possibly do about it.
My bet is a use-after-free. Playing with malloc options might enable
you to zoom in.
-Otto
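
Added illustration, not part of the thread and not OpenBSD's malloc or Lua code: a toy slot pool in C showing why allocator behaviour changes how a suspected use-after-free shows up. The pool, `nibble()`, the `JUNK` byte and `stale_line()` are hypothetical, and the stored value is a line number only to echo the symptom in the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SLOTS 16
#define SLOT_SZ 16
#define JUNK 0xdf   /* constructed junk byte written over freed slots */
struct pool {
    unsigned char mem[SLOTS * SLOT_SZ], used[SLOTS];
    unsigned state;   /* drives the varying nibble source */
    int vary, junk;   /* vary: nibble changes per call; junk: fill on free */
};

/* Hypothetical stand-in for an allocator's random nibble; stays 0 when !vary. */
static unsigned nibble(struct pool *p) {
    if (p->vary) p->state = (5 * p->state + 3) & 15;  /* never repeats back to back */
    return p->state;
}

static void *pool_alloc(struct pool *p) {
    unsigned start = nibble(p);
    for (unsigned i = 0; i < SLOTS; i++) {
        unsigned s = (start + i) % SLOTS;
        if (!p->used[s]) { p->used[s] = 1; return p->mem + s * SLOT_SZ; }
    }
    return NULL;
}

static void pool_free(struct pool *p, void *ptr) {
    size_t s = (size_t)((unsigned char *)ptr - p->mem) / SLOT_SZ;
    p->used[s] = 0;
    if (p->junk) memset(p->mem + s * SLOT_SZ, JUNK, SLOT_SZ);
}

/* Store a line number, free it, allocate a string, then read the stale pointer. */
static int32_t stale_line(int vary, int junk) {
    struct pool p = { .vary = vary, .junk = junk };
    int32_t line = 42, seen;
    void *node = pool_alloc(&p);
    memcpy(node, &line, sizeof line);
    pool_free(&p, node);               /* node is now dangling */
    char *text = pool_alloc(&p);       /* may or may not reuse node's slot */
    memcpy(text, "for i=1,10 do", 14);
    memcpy(&seen, node, sizeof seen);  /* the use-after-free read */
    return seen;
}

int main(void) {
    printf("%d %d %d\n", stale_line(0, 0), stale_line(1, 0), stale_line(1, 1));
    return 0;
}
```

With a fixed nibble the freed slot is reused at once and the stale read consistently returns the new occupant's bytes; with a varying nibble and no junk it still returns 42 and the bug stays silent, while junk-on-free turns it into an unmistakable pattern.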