Hi,

I've just seen that there seems to be a potential memory access fault in wxLua
in wxlua_getchararray() in wxlstate.cpp. Have a look at this code:

        int table_len = lua_objlen(L, stack_idx);
        if (table_len > 0)
            arrChar = new const char *[table_len];

        if (arrChar != NULL)
        {
            for (int n = 0; n < table_len; ++n)
            {
                lua_rawgeti(L, stack_idx, n+1); // Lua array starts at 1
                const char *s = wxlua_getstringtype(L, -1);
                arrChar[n] = s; // share Lua string
                lua_pop(L, 1);
            }
        }

You can see here that the pointer returned by lua_tostring() [which is usually
called by wxlua_getstringtype()] is stored inside arrChar[n] here and then
the string is popped from the stack. But AFAIK Lua guidelines say that pointers
only remain valid as long as they're on the stack. Once they've been popped,
they could become invalid at any time. Thus, the code posted above could
lead to a memory access fault under certain conditions.

-- 
Best regards,
 Andreas Falkenhahn                          mailto:andr...@falkenhahn.com


_______________________________________________
wxlua-users mailing list
wxlua-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wxlua-users
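
The lifetime problem described in the message above, as an added example that is not part of the original post or of wxLua: a self-contained C model of a collector-owned string, showing the borrow-then-pop pattern beside a copy-before-pop variant. The VM type and every function name are hypothetical stand-ins, not Lua API calls, and the model assumes the element is converted to a string on the stack, so the stack slot holds its only reference.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, NOT the Lua API: the VM owns every string it hands out
   and may free any string that no stack slot references. */
#define SLOTS 16
typedef struct { char *str[SLOTS]; int on_stack[SLOTS]; int n; } VM;

static char *dup_str(const char *s) {
    char *p = s ? malloc(strlen(s) + 1) : NULL;
    if (p) strcpy(p, s);
    return p;
}

/* Stands in for lua_rawgeti + lua_tostring on a numeric element: a fresh
   VM-owned string referenced only by the new stack slot (borrowed pointer). */
static const char *vm_push_tostring(VM *vm, int value) {
    char buf[16];
    if (vm->n == SLOTS) return NULL;            /* model is full */
    snprintf(buf, sizeof buf, "%d", value);
    vm->str[vm->n] = dup_str(buf);
    vm->on_stack[vm->n] = 1;
    return vm->str[vm->n++];
}

/* Stands in for lua_pop(L, 1): drops the stack reference, frees nothing yet. */
static void vm_pop(VM *vm) { if (vm->n > 0) vm->on_stack[vm->n - 1] = 0; }

/* Stands in for a GC cycle: frees every string no stack slot references. */
static int vm_collect(VM *vm) {
    int freed = 0;
    for (int i = 0; i < vm->n; ++i)
        if (vm->str[i] && !vm->on_stack[i]) {
            free(vm->str[i]); vm->str[i] = NULL; ++freed;
        }
    return freed;
}

/* Pattern from the message: keep the borrowed pointer, then pop. */
static void borrow_all(VM *vm, const int *vals, int n, const char **out) {
    for (int i = 0; i < n; ++i) { out[i] = vm_push_tostring(vm, vals[i]); vm_pop(vm); }
}

/* Hardened pattern: take an owned copy while the value is still on the stack. */
static void copy_all(VM *vm, const int *vals, int n, char **out) {
    for (int i = 0; i < n; ++i) { out[i] = dup_str(vm_push_tostring(vm, vals[i])); vm_pop(vm); }
}
```

After vm_collect() the entries filled by borrow_all() point at freed storage, while the copies from copy_all() stay valid until the caller frees them.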
