https://bugzilla.wikimedia.org/show_bug.cgi?id=59130

--- Comment #1 from Brad Jorsch <bjor...@wikimedia.org> ---
I was able to reproduce this with eval.php, and after convincing php to load a
local version of luasandbox so gdb would give me debug symbols, I got a
backtrace:

#0  luasandbox_panic (L=0x33a7370) at /home/anomie/luasandbox/luasandbox/luasandbox.c:512
#1  0x00007fffee0ceb4a in luaD_throw (L=0x33a7370, errcode=4) at ldo.c:104
#2  0x00007fffee0d2b2f in luaM_realloc_ (L=0x33a7370, block=<optimized out>, osize=0, nsize=40) at lmem.c:81
#3  0x00007fffee0cfda4 in luaF_newCclosure (L=0x33a7370, nelems=0, e=0x33a7a78) at lfunc.c:24
#4  0x00007fffee0cac21 in lua_pushcclosure (L=0x33a7370, fn=0x7fffee2f6a30 <luasandbox_attach_trace>, n=0) at lapi.c:491
#5  0x00007fffee2f8989 in luasandbox_call_helper (L=0x33a7370, sandbox_zval=0x3398048, sandbox=0x33a7108, args=0x9da86d0, numArgs=1, return_value=0x95abb20) at /home/anomie/luasandbox/luasandbox/luasandbox.c:1307
#6  0x00007fffee2fa384 in zim_LuaSandboxFunction_call (ht=1, return_value=0x95abb20, return_value_ptr=<optimized out>, this_ptr=<optimized out>, return_value_used=<optimized out>)
    at /home/anomie/luasandbox/luasandbox/luasandbox.c:1270
#7  0x000000000068dea7 in zend_call_function (fci=0x7fffffffb2a0, fci_cache=0x7fffffffb2f0) at /tmp/buildd/php5-5.3.10/Zend/zend_execute_API.c:991
#8  0x00000000005d05d8 in zif_call_user_func_array (ht=54162288, return_value=0x9d65d18, return_value_ptr=0x22, this_ptr=0x33a7428, return_value_used=52428776)
    at /tmp/buildd/php5-5.3.10/ext/standard/basic_functions.c:4803
#9  0x000000000070fd2d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7eee6e0) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:320
#10 0x00000000006c089b in execute (op_array=0x2f274d8) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:107
#11 0x000000000068dddc in zend_call_function (fci=0x7fffffffb5a0, fci_cache=0x7ffff7eeb5d0) at /tmp/buildd/php5-5.3.10/Zend/zend_execute_API.c:969
#12 0x00000000005d05d8 in zif_call_user_func_array (ht=54162288, return_value=0x9d8dbb0, return_value_ptr=0x22, this_ptr=0x33a7428, return_value_used=52428776)
    at /tmp/buildd/php5-5.3.10/ext/standard/basic_functions.c:4803
#13 0x000000000070fd2d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7eeb5d0) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:320
#14 0x00000000006c089b in execute (op_array=0x11aecc0) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:107
#15 0x000000000068dddc in zend_call_function (fci=0x7fffffffb8a0, fci_cache=0x7ffff7ed74d8) at /tmp/buildd/php5-5.3.10/Zend/zend_execute_API.c:969
#16 0x00000000005d05d8 in zif_call_user_func_array (ht=54162288, return_value=0x288c080, return_value_ptr=0x22, this_ptr=0x33a7428, return_value_used=52428776)
    at /tmp/buildd/php5-5.3.10/ext/standard/basic_functions.c:4803
#17 0x000000000070fd2d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ed74d8) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:320
#18 0x00000000006c089b in execute (op_array=0x11aee10) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:107
#19 0x000000000068dddc in zend_call_function (fci=0x7fffffffbbb0, fci_cache=0x7ffff7ed6db8) at /tmp/buildd/php5-5.3.10/Zend/zend_execute_API.c:969
#20 0x00000000006b0f37 in zend_call_method (object_pp=0x7fffffffbcd8, obj_ce=0x1ebe3e8, fn_proxy=0x1ebe5c8, function_name=0xab7549 "__call", function_name_len=52428776, retval_ptr_ptr=0x7fffffffbcf8,
    param_count=7062284, arg1=0x2, arg2=0x288b280) at /tmp/buildd/php5-5.3.10/Zend/zend_interfaces.c:97
#21 0x00000000006bc30c in zend_std_call_user_call (ht=42513024, return_value=0x288b2d0, return_value_ptr=0x22, this_ptr=0x1ebe3e8, return_value_used=52428776)
    at /tmp/buildd/php5-5.3.10/Zend/zend_object_handlers.c:717
#22 0x000000000070fd2d in zend_do_fcall_common_helper_SPEC (execute_data=0x7ffff7ed6db8) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:320
#23 0x00000000006c089b in execute (op_array=0x25cf768) at /tmp/buildd/php5-5.3.10/Zend/zend_vm_execute.h:107
#24 0x000000000069be00 in zend_execute_scripts (type=0, retval=0x800000000, file_count=3) at /tmp/buildd/php5-5.3.10/Zend/zend.c:1308
#25 0x0000000000648473 in php_execute_script (primary_file=0x200000001) at /tmp/buildd/php5-5.3.10/main/main.c:2323
#26 0x000000000042c967 in main (argc=32767, argv=0x7fffffffe85e) at /tmp/buildd/php5-5.3.10/sapi/cli/php_cli.c:1188

It appears that the problem is that Lua is hitting the Lua memory limit in one
of the setup functions (the call at frame 4) rather than in actual Lua code
that is executed under lua_pcall.

The thing to do might be to give Lua a slightly higher memory limit when
running the "unprotected" functions than when calling "protected" code, to make
it more likely that the actual allocation failure will happen in the latter.

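The headroom idea from comment #1, sketched as an added example (not luasandbox's code and not part of the original comment): a memory-limited allocator with the same signature as lua_Alloc that permits a small surplus only while no lua_pcall is active. The names sandbox_mem, sandbox_alloc, setup_alloc_survives and the byte values are hypothetical; the 40-byte request mirrors nsize=40 in frame 2.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical allocator state; names are illustrative, not luasandbox's. */
typedef struct {
    size_t used;      /* bytes currently allocated */
    size_t limit;     /* limit enforced while protected Lua code runs */
    size_t headroom;  /* extra bytes allowed to unprotected setup code */
    int in_pcall;     /* nonzero while inside lua_pcall */
} sandbox_mem;

/* Same parameter order as lua_Alloc: (ud, ptr, osize, nsize). */
static void *sandbox_alloc(void *ud, void *ptr, size_t osize, size_t nsize)
{
    sandbox_mem *m = ud;
    size_t cap = m->limit + (m->in_pcall ? 0 : m->headroom);
    if (nsize == 0) {            /* free request */
        free(ptr);
        m->used -= osize;
        return NULL;
    }
    /* Growth past the cap fails; shrinking is always allowed. */
    if (nsize > osize && m->used - osize + nsize > cap)
        return NULL;
    void *p = realloc(ptr, nsize);
    if (p != NULL) m->used = m->used - osize + nsize;
    return p;
}

/* Constructed scenario: protected code fills `fill` bytes, then a 40-byte
 * request arrives (setup code if in_pcall is 0). Returns 1 if it succeeds,
 * 0 if it fails, which outside lua_pcall means the panic handler runs. */
static int setup_alloc_survives(size_t limit, size_t headroom, size_t fill,
                                int in_pcall)
{
    sandbox_mem m = { 0, limit, headroom, 1 };
    void *big = sandbox_alloc(&m, NULL, 0, fill);
    m.in_pcall = in_pcall;
    void *small = sandbox_alloc(&m, NULL, 0, 40);
    int ok = (small != NULL);
    if (small) sandbox_alloc(&m, small, 40, 0);
    if (big) sandbox_alloc(&m, big, fill, 0);
    return ok;
}

int main(void)
{
    printf("no headroom: %d\n", setup_alloc_survives(1000, 0, 990, 0));
    printf("64B headroom: %d\n", setup_alloc_survives(1000, 64, 990, 0));
    return 0;
}
```

The headroom only has to cover what the setup path allocates between pcalls; protected code still sees the original limit, so its allocation failures remain catchable errors.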