View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000444LDMud 3.3Efunspublic2006-02-04 16:472018-01-29 21:57
ReporterGnomi Assigned Tolars 
PrioritynormalSeveritycrashReproducibilitysometimes
Status closedResolutionfixed 
Platformi686OSDebian GNU/LinuxOS Version3.1
Product Version3.3.712 
Fixed in Version3.3.714 
Summary0000444: restore_svalue with inherited lfun closure uses compile time structures
DescriptionHi,

restore_value("0000001:0\n#l:fun-w/gnomi/inhcl4/i/a\n") caused the following crash:

Program received signal SIGSEGV, Segmentation fault.
0x080ebd74 in lookup_inherited (super_name=0xbfffc39c "w/gnomi/inhcl4/i/a", real_name=0x900c96c, pIP=0xbfffc284, pFlags=0xbfffc27c) at prolang.y:14369
(tgdb) bt
#0 0x080ebd74 in lookup_inherited (super_name=0xbfffc39c "w/gnomi/inhcl4/i/a", real_name=0x900c96c, pIP=0xbfffc284, pFlags=0xbfffc27c) at prolang.y:14369
0000001 0x080ebf88 in find_inherited_function (super_name=0xbfffc39c "w/gnomi/inhcl4/i/a", real_name=0xbfffc398 "fun", pInherit=0xbfffc2d6) at prolang.y:14471
0000002 0x080d359c in restore_closure (svp=0x8160bd0, str=0xbfffc3cc, delimiter=10 '\n') at object.c:7919
0000003 0x080d126d in restore_svalue (svp=0x8160bd0, pt=0xbfffc3cc, delimiter=10 '\n') at object.c:8018
0000004 0x080d286a in f_restore_value (sp=0x8160bd0) at object.c:8925
0000005 0x0808f3de in eval_instruction (first_instruction=0x904e27e "a\026", initial_sp=0x8160bc0) at interpret.c:7925
0000006 0x080a291e in apply_low (fun=0x924b6fc, ob=0x91c5cec, num_arg=0, b_ign_prot=0, allowRefs=0) at interpret.c:16732
0000007 0x080a2adc in int_apply (fun=0x924babc, ob=0x91c5cec, num_arg=0, b_ign_prot=0, b_use_default=1) at interpret.c:16810
0000008 0x080a898c in int_call_resolved (b_use_default=1, sp=0x8160bc0, num_arg=3) at interpret.c:20263
0000009 0x080a8a9e in v_call_resolved (sp=0x8160bc0, num_arg=3) at interpret.c:20300
0000010 0x08090103 in eval_instruction (first_instruction=0xbfffcd40 "\a\a\030\b", initial_sp=0x8160bc0) at interpret.c:8124
0000011 0x080a47cf in int_call_lambda (lsvp=0x8160ba8, num_arg=3, allowRefs=0) at interpret.c:17957
0000012 0x080a86a6 in v_apply (sp=0x8160bc0, num_arg=4) at interpret.c:20123
0000013 0x08090103 in eval_instruction (first_instruction=0x928b7d6 "\001\021a\017\003@\036", initial_sp=0x8160b98) at interpret.c:8124
#14 0x080a2522 in apply_low (fun=0x9221068, ob=0x91f05c0, num_arg=1, b_ign_prot=0, allowRefs=0) at interpret.c:16619
#15 0x080a2adc in int_apply (fun=0x9221068, ob=0x91f05c0, num_arg=1, b_ign_prot=0, b_use_default=1) at interpret.c:16810
#16 0x080a2f08 in sapply_int (fun=0x9221068, ob=0x91f05c0, num_arg=1, b_find_static=0, b_use_default=1) at interpret.c:16971
#17 0x0804c8b0 in parse_command (buff=0xbfffd3a0 "zc b->funb()", from_efun=0) at actions.c:1094
#18 0x0804cd54 in execute_command (str=0xbfffd3a0 "zc b->funb()", ob=0x905a6ec) at actions.c:1258
#19 0x0804d2f8 in v_command (sp=0x8160b00, num_arg=1) at actions.c:1514
#20 0x08090103 in eval_instruction (first_instruction=0x915838a "\036\001j\016\nt\036", initial_sp=0x8160af0) at interpret.c:8124
#21 0x080a2522 in apply_low (fun=0x9117dac, ob=0x905a6ec, num_arg=2, b_ign_prot=0, allowRefs=0) at interpret.c:16619
#22 0x080a2adc in int_apply (fun=0x9117dac, ob=0x905a6ec, num_arg=2, b_ign_prot=0, b_use_default=1) at interpret.c:16810
#23 0x080a2f08 in sapply_int (fun=0x9117dac, ob=0x905a6ec, num_arg=2, b_find_static=0, b_use_default=1) at interpret.c:16971
#24 0x080fa491 in execute_callback (cb=0x8a93878, nargs=0, keep=0, toplevel=1) at simulate.c:4053
#25 0x08057ff3 in call_out () at call_out.c:421
#26 0x08054b34 in backend () at backend.c:748
#27 0x080b86e2 in main (argc=16, argv=0xbffff934) at main.c:615

It seems to me, that lookup_inherited (called by restore_closure) uses compile time structures (mem_block[A_INHERITS].block) instead of the current object. But as compiling is over, these structures can be overwritten with anything, resulting in a crash.

Greetings,
Gnomi.
TagsNo tags attached.

Activities

lars

2006-03-14 22:36

reporter   ~0000496

lfun closures now track to which program they belong - this also fixes bug 0000443.
Provided by Gnomi.

Issue History

Date Modified Username Field Change
2006-02-04 16:47 Gnomi New Issue
2006-03-14 22:36 lars Status new => resolved
2006-03-14 22:36 lars Fixed in Version => 3.3.714
2006-03-14 22:36 lars Resolution open => fixed
2006-03-14 22:36 lars Assigned To => lars
2006-03-14 22:36 lars Note Added: 0000496
2007-10-06 19:55 lars Status resolved => closed
2010-11-16 09:42 lars Source_changeset_attached => ldmud.git master 790d211f
2018-01-29 18:59 lars Source_changeset_attached => ldmud.git master 790d211f
2018-01-29 21:57 lars Source_changeset_attached => ldmud.git master 790d211f