|
More 'insecure code' errors, now in my addons!
So ZOS changed something. I can't find any reference to what it was, but it is causing many addons to generate random 'insecure code' LUA errors, with no mention of the addon or any hooks it uses in the traceback, making it something of a challenge to track down.
For example Master Recipe List. It is causing the following errors when changing categories on the Crown Store purchase tab of the Housing Editor: Code:
EsoUI/Ingame/HousingEditor/FurnitureClasses_Shared.lua:450: attempt to access a private function 'GetMarketProductPricingByPresentation' from insecure codeCode:
function ZO_HousingMarketProduct:GetMarketProductPricingByPresentation()So, how are we supposed to troubleshoot a thing like this? |
The E issue can also apply to other things (like confirmation windows, not just inventory) and does not trigger an error message, which makes it extra special. They've definitely broken something and it seems to be affecting seemingly unrelated facets of the game.
|
Nothing to do but start commenting out blocks of code and seeing which is causing it. Starting with all hooks...
|
here's the diffs from 2.6.4 to 2.7.5, beginning with the inventory files: https://github.com/esoui/esoui/commi...de21c06da19cf6
I'm looking through them, but more eyes would be helpful. |
OK, so I managed to track down this specific case, and (HOPEFULLY) it will help others to eliminate this from their addons as well.
It appears to be a change in the way ZOS is handling hooks to certain global functions. For example in Master Recipe List, I narrowed the above errors down to two specific hooks. By changing these to use ZO_PreHook() I was able to keep the functionality of the hook and avoid these insecure code errors. So: Code:
local ESOMRL_ZO_TreeHeader_OnMouseUp = ZO_TreeHeader_OnMouseUpCode:
ZO_PreHook("ZO_TreeHeader_OnMouseUp",Code:
local ESOMRL_ZO_TreeSetNodeOpen = ZO_Tree.SetNodeOpenCode:
ZO_PreHook(ZO_Tree, "SetNodeOpen",EDIT: So the obvious question for Master Chip (or anyone more knowledgeable) would be, WHY? :) If I had to guess it would be the way internal references are cleared out from the active context, and it not happening with custom hooks because of some "waiting for return" type state, and some other, newer function that requires code states be "unburdened" by such waiting states in order to be considered "secure." /stabdark |
Addon land is all considered insecure.
When you do: Code:
local func = ZO_FuncZO_PreHook has always been the correct way because it doesn't move ZO_Func into addon land. |
So what you're saying is, we walk in insecure lands. :p
I wonder if this might be related to the inventory issues... |
That's why I identified the object pool corruption in the other thread.
edit: at least for me |
So, what would be the accepted method for modifying function result data AFTER the original function has run?
Copying the entire original function into the prehook then modifying it and returning true seems bad. It would seemingly be mutually exclusive to other addons hooking the same function, no? |
|
@Diesosoon
That error looks completely unrelated to this discussion. Please start a thread in addon help with that error and your addon list. |
So In fixing this I am going back through my code and replacing hooks that don't need post processing with ZO_PreHook. I am wondering though, would it be "safe" to post-hook tooltips? It seems like everyone does, and it would need some fancy workaround to avoid the added lines going to the top of the tooltip instead of the bottom if using prehooks.
Here is what I am doing now: Code:
local ESOMRLSetBagItemTooltip = ItemTooltip.SetBagItem |
Quote:
|
EDIT: Forgive this last update was premature.
|
OK, so I have narrowed this inventory drag insecure LUA error down to a combination of TWO specific addons.
Map Coordinates by Garkin Votan's Mini Map With no other addons running, I can reliably generate the error with these two loaded together. |
Quote:
|
I don't see why Map Coordinates (and in a larger scope map addons) would trigger an insecure code. There's nothing in its code touching it. Used it daily for months and 0 issue.
|
Quote:
Here is a video showing the process: How to duplicate the error If for whatever reason you can't duplicate this on the first try (as I said the interaction seems random), just enable any other addon, reload, then disable that addon, and reload again, and repeat the above steps with the inventory. Just in case something is not up to date on my end here are the versions of the two addons I have: TestAddOns.rar EDIT: You may or may not have to open the map first, mouse over it to show some coordinate changes from Map Coordinates, THEN open the inventory and drag an item. (Not confirmed.) |
Quote:
Locate this line: WORLD_MAP_FRAGMENT.duration = 100 Set it to zero: WORLD_MAP_FRAGMENT.duration = 0 I think, it is the pin mouse-over animation of the hooked pins (over the scale pins feature request) |
Quote:
UPDATE: I have confirmed that to generate this error you must follow a specific sequence: 1) Reload the game with Map Coordinates and Minimap loaded (and the above setting at 100). 2) Hit your keybind to open the map. The map MUST be the FIRST scene that you activate after reloading. 3) Click the bag icon at the top bar after the map is shown to move to the inventory. 4) Drag an item. |
Quote:
Locate WORLD_MAP_SCENE:AddFragment(ZO_FadeSceneFragment:New(MAP_COORDINATES.control)) in Garkin's addon. Change to: WORLD_MAP_SCENE:AddFragment(ZO_HUDFadeSceneFragment:New(MAP_COORDINATES.control)) |
Quote:
I also tried with both edits set, and going straight to the inventory instead of going to the map first, and either way it seems either or both of these changes together avoid the error in half a dozen tests so far. |
Quote:
One could change the fade duration of an other build-in fragment to be greather than 200ms to solve the problem, too. |
@Chip: Any chance, that build-in code is always the "last" one in the scene change transition? (Even if a custom fragment has a fade duration of 5000?)
|
Nice work tracking this down, Votan. I do have just a couple questions.
First I suppose would be, what changed? Obviously this fade time you mention wasn't a problem before the update. Also, and this could just be my own lack of understanding how scene fragments work clearly, why should the time it takes a fragment to fade in/out (presumably between scene transitions?) move it from secure to insecure code? As I understood it, scenes were just like UI container tables with fragments being the pool of sub-objects that get built on the fly when the scene fires. Unless a fragment is firing off some code in a local context that then makes reference to a protected function, I don't really understand how the whole scene could be poisoned by the time it takes a fragment to appear. |
It sounds like the game needs to end on a built-in scene or it panics. So perhaps it's not so much that the time it takes changes its security, but perhaps the last one to fade (typically a built-in, which is secure) is the one it checks for security reasons? That looks like what Votan was saying but why it'd be like that is puzzling.
|
Quote:
Look at these posts. Especially the last one. And look at the date. http://www.esoui.com/forums/showpost...5&postcount=50 http://www.esoui.com/forums/showpost...31&postcount=3 http://www.esoui.com/forums/showpost...74&postcount=9 |
| All times are GMT -6. The time now is 04:18 AM. |
vBulletin © 2024, Jelsoft Enterprises Ltd
© 2014 - 2022 MMOUI