Thread Tools Display Modes
04/18/17, 08:03 AM   #41
votan
 
votan's Avatar
AddOn Author - Click to view addons
Join Date: Oct 2014
Posts: 577
Originally Posted by ZOS_ChipHilseberg View Post
Votan, I've been toying with that idea for the past week or so. As soon as I can reproduce the bug I'll evaluate how well it applies for this specific situation.
Of course. I'll keep my fingers crossed.
  Reply With Quote
04/18/17, 01:57 PM   #42
ZOS_ChipHilseberg
ZOS Staff!
Premium Member
Yes this person is from ZeniMax!
Join Date: Oct 2014
Posts: 551
Alright, so here's what we're thinking. We'd change virtuals to always create their handler closures as trusted as long as the virtual was created during the secure part of the load process (is part of the stock UI). This should mean the mouse enter on the inventory slot is created as secure even if an addon causes the control to be created and that should prevent the tainting issue.
  Reply With Quote
04/18/17, 02:45 PM   #43
Rhyono
AddOn Author - Click to view addons
Join Date: Sep 2016
Posts: 659
Sounds like that should solve all of the current iterations of the issue that I've experienced. Will this be released on the PTS?
  Reply With Quote
04/18/17, 11:32 PM   #44
votan
 
votan's Avatar
AddOn Author - Click to view addons
Join Date: Oct 2014
Posts: 577
Thank You Chip.

I know you will gonna hate me, but what about this classic one:
Lua Code:
  1. if MyBadWindow then return end
  2.  
  3. local topLevel = WINDOW_MANAGER:CreateTopLevelWindow("MyBadWindow")
  4. MYBADFRAGMENT = ZO_FadeSceneFragment:New(topLevel, true, 250)
  5. WORLD_MAP_SCENE:AddFragment(MYBADFRAGMENT)
Open the world map and from there click on the crown store market.

Code:
EsoUI/Ingame/Scenes/IngameFragments.lua:461: attempt to access a private function 'StopAllMovement' from insecure code
stack traceback:
	EsoUI/Ingame/Scenes/IngameFragments.lua:461: in function 'ZO_StopMovementFragment:Show'
	EsoUI/Libraries/ZO_Scene/ZO_SceneFragment.lua:128: in function 'ZO_SceneFragment:ShouldBeShown'
	EsoUI/Libraries/ZO_Scene/ZO_SceneFragment.lua:172: in function 'ZO_SceneFragment:Refresh'
	EsoUI/Libraries/ZO_Scene/ZO_Scene.lua:291: in function 'ZO_Scene:RefreshFragmentsHelper'
	EsoUI/Libraries/ZO_Scene/ZO_Scene.lua:299: in function 'ZO_Scene:RefreshFragments'
	EsoUI/Libraries/ZO_Scene/ZO_Scene.lua:256: in function 'ZO_Scene:SetState'
	EsoUI/Libraries/ZO_Scene/ZO_Scene.lua:416: in function 'ZO_RemoteScene:SetState'
	EsoUI/Libraries/ZO_Scene/ZO_SceneManager.lua:182: in function 'ZO_SceneManager:ShowScene'
	EsoUI/Libraries/ZO_Scene/ZO_SceneManager.lua:474: in function 'ZO_SceneManager:OnSceneStateChange'
	EsoUI/Ingame/Scenes/IngameSceneManager.lua:326: in function 'ZO_IngameSceneManager:OnSceneStateChange'
I think it is the ZO_Scene:SetState(newState) which does all the state change callbacks to build-in code.
  Reply With Quote
04/19/17, 07:41 AM   #45
ZOS_ChipHilseberg
ZOS Staff!
Premium Member
Yes this person is from ZeniMax!
Join Date: Oct 2014
Posts: 551
Originally Posted by Rhyono View Post
Sounds like that should solve all of the current iterations of the issue that I've experienced. Will this be released on the PTS?
I'll try my best.
  Reply With Quote
04/19/17, 07:41 AM   #46
ZOS_ChipHilseberg
ZOS Staff!
Premium Member
Yes this person is from ZeniMax!
Join Date: Oct 2014
Posts: 551
Originally Posted by votan View Post
Thank You Chip.

I know you will gonna hate me, but what about this classic one:
Lua Code:
  1. if MyBadWindow then return end
  2.  
  3. local topLevel = WINDOW_MANAGER:CreateTopLevelWindow("MyBadWindow")
  4. MYBADFRAGMENT = ZO_FadeSceneFragment:New(topLevel, true, 250)
  5. WORLD_MAP_SCENE:AddFragment(MYBADFRAGMENT)
Open the world map and from there click on the crown store market.

Code:
EsoUI/Ingame/Scenes/IngameFragments.lua:461: attempt to access a private function 'StopAllMovement' from insecure code
stack traceback:
	EsoUI/Ingame/Scenes/IngameFragments.lua:461: in function 'ZO_StopMovementFragment:Show'
	EsoUI/Libraries/ZO_Scene/ZO_SceneFragment.lua:128: in function 'ZO_SceneFragment:ShouldBeShown'
	EsoUI/Libraries/ZO_Scene/ZO_SceneFragment.lua:172: in function 'ZO_SceneFragment:Refresh'
	EsoUI/Libraries/ZO_Scene/ZO_Scene.lua:291: in function 'ZO_Scene:RefreshFragmentsHelper'
	EsoUI/Libraries/ZO_Scene/ZO_Scene.lua:299: in function 'ZO_Scene:RefreshFragments'
	EsoUI/Libraries/ZO_Scene/ZO_Scene.lua:256: in function 'ZO_Scene:SetState'
	EsoUI/Libraries/ZO_Scene/ZO_Scene.lua:416: in function 'ZO_RemoteScene:SetState'
	EsoUI/Libraries/ZO_Scene/ZO_SceneManager.lua:182: in function 'ZO_SceneManager:ShowScene'
	EsoUI/Libraries/ZO_Scene/ZO_SceneManager.lua:474: in function 'ZO_SceneManager:OnSceneStateChange'
	EsoUI/Ingame/Scenes/IngameSceneManager.lua:326: in function 'ZO_IngameSceneManager:OnSceneStateChange'
I think it is the ZO_Scene:SetState(newState) which does all the state change callbacks to build-in code.
Honestly this probably doesn't need to be a private function. But you could also reduce the duration of the fade to be shorter than 200ms and it wouldn't be the fragment that triggered the show on the crown store scene.
  Reply With Quote
04/19/17, 07:57 AM   #47
votan
 
votan's Avatar
AddOn Author - Click to view addons
Join Date: Oct 2014
Posts: 577
Originally Posted by ZOS_ChipHilseberg View Post
Honestly this probably doesn't need to be a private function. But you could also reduce the duration of the fade to be shorter than 200ms and it wouldn't be the fragment that triggered the show on the crown store scene.
Yes. I know that. We tracked that down. Was just a try.
Would it be possible to defer the call to private function with a EVENT_MANAGER:RegisterForUpdate("<id>", 0, localFunction) to remove the tainted call-stack ?
  Reply With Quote
04/21/17, 01:32 PM   #48
ZOS_ChipHilseberg
ZOS Staff!
Premium Member
Yes this person is from ZeniMax!
Join Date: Oct 2014
Posts: 551
Alright, so here's what has gone in internally:
  • The security error now indicates which part of the stack was the first thing to be tainted.
  • Script handlers from trusted virtuals are now trusted.
  • StopAllMovement is public
  • I also increased the max length of the lua stack trace from 10 to 30

Hopefully all of this should make it for Morrowind. I've tested both of the errors listed in this thread and both are fixed with these changes.
  Reply With Quote
04/21/17, 03:41 PM   #49
votan
 
votan's Avatar
AddOn Author - Click to view addons
Join Date: Oct 2014
Posts: 577
Originally Posted by ZOS_ChipHilseberg View Post
Alright, so here's what has gone in internally:
  • The security error now indicates which part of the stack was the first thing to be tainted.
  • Script handlers from trusted virtuals are now trusted.
  • StopAllMovement is public
  • I also increased the max length of the lua stack trace from 10 to 30

Hopefully all of this should make it for Morrowind. I've tested both of the errors listed in this thread and both are fixed with these changes.
Thank You very much.
This will help us a lot.
  Reply With Quote
04/22/17, 12:55 AM   #50
sirinsidiator
 
sirinsidiator's Avatar
AddOn Author - Click to view addons
Join Date: Apr 2014
Posts: 1,566
Originally Posted by ZOS_ChipHilseberg View Post
Alright, so here's what has gone in internally:
  • The security error now indicates which part of the stack was the first thing to be tainted.
  • Script handlers from trusted virtuals are now trusted.
  • StopAllMovement is public
  • I also increased the max length of the lua stack trace from 10 to 30

Hopefully all of this should make it for Morrowind. I've tested both of the errors listed in this thread and both are fixed with these changes.

Can't wait for it.
  Reply With Quote
04/22/17, 09:39 PM   #51
Noobanidus
 
Noobanidus's Avatar
AddOn Author - Click to view addons
Join Date: May 2015
Posts: 23
Originally Posted by ZOS_ChipHilseberg View Post
Alright, so here's what has gone in internally:
  • The security error now indicates which part of the stack was the first thing to be tainted.
  • Script handlers from trusted virtuals are now trusted.
  • StopAllMovement is public
  • I also increased the max length of the lua stack trace from 10 to 30

Hopefully all of this should make it for Morrowind. I've tested both of the errors listed in this thread and both are fixed with these changes.
Wonderful! I honestly can't count on one hand the number of people who have complained recently in guild or TeamSpeak about constantly having to reload their UI after encountering these types of errors. This change will be a dramatic improvement for the population of the game who run trading addons, etc.
  Reply With Quote
04/27/17, 12:00 AM   #52
manavortex
 
manavortex's Avatar
AddOn Author - Click to view addons
Join Date: May 2014
Posts: 138
  Reply With Quote

ESOUI » Developer Discussions » General Authoring Discussion » @ZOS: Improve "Access a private function" error message

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off