- Subject: Re: Bug in Lua 5.0.2
- From: Roberto Ierusalimschy <roberto@...>
- Date: Wed, 05 Jan 2005 14:17:15 -0200
> Without the assert, the Lua VM will continue on and read the value
> pointer and type tag information from the freed area of memory, and
> store it in the upvalue object. Although freed memory is read to find
> this pointer value, the pointer value that is copied will never be
> dereferenced: the dead status of the table object implies that there
> are no more live references to the upvalue. I have not seen this code
> cause a crash on my machine, but of course reading from freed memory
> is never safe.

Are you sure about this? It seems that only a pointer to freed memory
is copied. The pointer itself and its type tag live in the stack,
which at this point is still alive. There is no access to this pointer's
contents, so there is no reading from freed memory at all (unless the
assertions are on).

In other words, the problem seems to be with the assertions, not with
the code.

-- Roberto