Skip to content

Fix Lua object garbage collection bug #340

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mikke89 merged 1 commit into from
Aug 4, 2022
Merged

Fix Lua object garbage collection bug #340

mikke89 merged 1 commit into from
Aug 4, 2022

Conversation

@slipher
Copy link

@slipher slipher commented Aug 3, 2022

Disclaimer: this fix has only been tested with our 2-year-old version of the library.

@slipher
Fix Lua object garbage collection bug
3290553 
As discovered by Ishq, multiple extant userdata Lua objects sometimes
had the same underlying 'obj' pointer (pointer to the underlying object
which is used as the key in the "DO NOT TRASH" table). Which led to
crashes. Lua does not immediately garbage-collect dead objects. This
means that for the non-owning objects (gc=false), another object could
be potentially be created at the same address before garbage collection
occurs, thereby clobbering the DO NOT TRASH entry.

The fix: use the address of the userdata, which is guaranteed to be
unique, as the DO NOT TRASH key.
@slipher slipher mentioned this pull request Aug 3, 2022
Merged
@mikke89 mikke89 added the Lua Lua binding issues label Aug 4, 2022
@mikke89
Copy link
Owner

mikke89 commented Aug 4, 2022

Thanks for upstreaming this fix!

This reminds me a lot about the discussion here: #216. If not the same issue, then at least very similar.

What do you think about the proposed (and merged) solution there-in? Do you think that solution already fixes the issue you have? And if not, could you comment on whether there could be any conflict between these two fixes.

I did run and do some basic testing with this change, and everything seems to work fine, however these issues can be hard to reproduce so it would be nice to hear your thoughts.

@DolceTriade
Copy link

DolceTriade commented Aug 4, 2022

We did cherry pick that change prior to this one and we could still reproduce the crash. Maybe our platform (Google's NaCl runtime) is more prone to the aggressive pointer location reuse but we had a 100% repro that we can use to verify fixes if you'd like 😁.

That fix is insufficient because it only fixes the case where the pointer is reused once before the original non gc object is gc'd. But if it's reused twice and the original object is gc'd before the 2nd object is sets the DNT table to true, we would still crash

@illwieckz
Copy link

illwieckz commented Aug 4, 2022
edited
Loading

I confirm I reproduce the crash on current RmlUi master but I don't manage to reproduce the bug once I cherry-picked this commit on current RmlUi master.

I used @DolceTriade's branch to port Unvanquished to latest RmlUi version to reproduce the crash on master and test the fix on master:

@mikke89
Copy link
Owner

mikke89 commented Aug 4, 2022

Thanks guys! Sounds good to me, that is more than enough to justify this change.

Appreciate the pull request.

@mikke89 mikke89 merged commit 23f2e14 into mikke89:master Aug 4, 2022
@mikke89 mikke89 added the bug Something isn't working label Aug 4, 2022
@illwieckz illwieckz deleted the gcfix-upstream branch August 5, 2022 06:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Something isn't working Lua Lua binding issues

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@slipher @mikke89 @DolceTriade @illwieckz