View Issue Details

IDProjectCategoryView StatusLast Update
0002562Multi Theft Auto : San AndreasScriptingpublic2008-02-15 05:12
ReporterjbetaAssigned ToJax 
PriorityhighSeveritycrashReproducibilityalways
Status resolvedResolutionfixed 
PlatformAMD Athlon(tm) 64 X2 ~2.2GHzOSWindows XP Professional x64 SP1OS Version5.2, Build 3790
Product Versionblue_sa.r2.a12 
Target VersionFixed in Version1.0 
Summary0002562: Server lockup when passing tables with function values in them through call()
Description

Passing tables with embedded function values (and presumably coroutines, haven't tested yet) locks up the server (doesn't seem to crash - the servers weren't autorestarted).

High priority since it prevents use of the votemanager through call(), if it won't be fixed a fair amount of functionality will have to be removed.

Steps To Reproduce

/start runcode
/run call(getResourceFromName "mapmanager","isGamemode",{function() end})

TagsNo tags attached.

Relationships

related to 0002533 resolvedeAi Returning Lua functions or coroutines from a http exported function crashes the server 
related to 0002575 resolvedeAi Using a table with self-references as element data or a call() parameter causes a crash 
related to 0002922 resolvedJax Calling setTimer() with a table containing function values locks up server/client 

Activities

jbeta

2007-10-06 18:59

updater   ~~0005932

Last edited: 2007-10-06 19:00

Just for the record, I've also tried passing functions as precompiled chunks for votemanager, but those bytecode strings won't be passed correctly since they contain embedded zeros. Could pass an array of char values to get around this, but forcing the user to run string.dump on his poll function was bad enough.

If the vote manager is to support custom polls, Lua function support for call() will be needed. If this won't be done before release, tell me and custom poll functionality will be disabled.

eAi

2007-11-11 16:10

administrator   ~~0006196

Last edited: 2007-11-11 16:11

Can't reproduce, tried (server side):

function test ( functionHere )
outputServerLog("running test!");
end

call ( getThisResource(), "test", {0, 5, getElementInfo, 1, 2} );
outputServerLog("called test!");

Just produces an error in the console.

jbeta

2007-11-11 17:44

updater   ~~0006207

MTA functions such as getElementInfo do not cause it, but passing my own function (whether global or local) does.

My guess is this is because MTA globals are normally defined in all VMs.

eAi

2007-11-17 09:51

administrator   ~~0006323

getElementInfo was a function in my own code...

jbeta

2007-11-17 10:33

updater   ~~0006334

Sorry, I misread getElementData. Ignore the previous note, I tried passing getElementInfo which is nil, hence why it worked.

Anyway, I've just killed test I and J using:

/run call ( getResourceFromName "mapmanager", "isGamemode", {setElementData} );
/run call ( getResourceFromName "mapmanager", "isGamemode", {function() end} );

The autorestart doesn't work when I do this, so I guess it asserts or freezes.

IJs

2007-11-26 17:03

administrator   ~~0006467

Last edited: 2007-11-26 20:41

The actual issue here is a lua PANIC (function name is passed as index), due to the fact that LUA_TFUNCTION types arent handled by the argument parser.

Implementing that may bring some issues, since our current functions that are able to handle LUA_TFUNCTION types, the functions are stored into a global lua tabel and referred to by indexes.

jbeta

2007-12-05 06:57

updater   ~~0006604

I've changed votemanager so it accepts event names and triggers them as a callback.

Keep in mind that this issue is still exploitable by any resource, though.

Issue History

Date Modified Username Field Change