View Issue Details

IDProjectCategoryView StatusLast Update
0002562Multi Theft Auto : San AndreasScriptingpublic2008-02-15 05:12
ReporterjbetaAssigned ToJax 
Status resolvedResolutionfixed 
PlatformAMD Athlon(tm) 64 X2 ~2.2GHzOSWindows XP Professional x64 SP1OS Version5.2, Build 3790
Product Versionblue_sa.r2.a12 
Target VersionFixed in Version1.0 
Summary0002562: Server lockup when passing tables with function values in them through call()

Passing tables with embedded function values (and presumably coroutines, haven't tested yet) locks up the server (doesn't seem to crash - the servers weren't autorestarted).

High priority since it prevents use of the votemanager through call(), if it won't be fixed a fair amount of functionality will have to be removed.

Steps To Reproduce

/start runcode
/run call(getResourceFromName "mapmanager","isGamemode",{function() end})

TagsNo tags attached.


related to 0002533 resolvedeAi Returning Lua functions or coroutines from a http exported function crashes the server 
related to 0002575 resolvedeAi Using a table with self-references as element data or a call() parameter causes a crash 
related to 0002922 resolvedJax Calling setTimer() with a table containing function values locks up server/client 



2007-10-06 18:59

updater   ~~0005932

Last edited: 2007-10-06 19:00

Just for the record, I've also tried passing functions as precompiled chunks for votemanager, but those bytecode strings won't be passed correctly since they contain embedded zeros. Could pass an array of char values to get around this, but forcing the user to run string.dump on his poll function was bad enough.

If the vote manager is to support custom polls, Lua function support for call() will be needed. If this won't be done before release, tell me and custom poll functionality will be disabled.


2007-11-11 16:10

administrator   ~~0006196

Last edited: 2007-11-11 16:11

Can't reproduce, tried (server side):

function test ( functionHere )
outputServerLog("running test!");

call ( getThisResource(), "test", {0, 5, getElementInfo, 1, 2} );
outputServerLog("called test!");

Just produces an error in the console.


2007-11-11 17:44

updater   ~~0006207

MTA functions such as getElementInfo do not cause it, but passing my own function (whether global or local) does.

My guess is this is because MTA globals are normally defined in all VMs.


2007-11-17 09:51

administrator   ~~0006323

getElementInfo was a function in my own code...


2007-11-17 10:33

updater   ~~0006334

Sorry, I misread getElementData. Ignore the previous note, I tried passing getElementInfo which is nil, hence why it worked.

Anyway, I've just killed test I and J using:

/run call ( getResourceFromName "mapmanager", "isGamemode", {setElementData} );
/run call ( getResourceFromName "mapmanager", "isGamemode", {function() end} );

The autorestart doesn't work when I do this, so I guess it asserts or freezes.


2007-11-26 17:03

administrator   ~~0006467

Last edited: 2007-11-26 20:41

The actual issue here is a lua PANIC (function name is passed as index), due to the fact that LUA_TFUNCTION types arent handled by the argument parser.

Implementing that may bring some issues, since our current functions that are able to handle LUA_TFUNCTION types, the functions are stored into a global lua tabel and referred to by indexes.


2007-12-05 06:57

updater   ~~0006604

I've changed votemanager so it accepts event names and triggers them as a callback.

Keep in mind that this issue is still exploitable by any resource, though.

Issue History

Date Modified Username Field Change