New tainting problem in 2.1 PTR

Vangual · 04-28-07, 02:15 PM

While I was testing my addons on 2.1 I've hit some major tainting issues.

I've written a somewhat minimal test-case addon that essentially doesn't do anything other than create a few frames and secure buttons, and sets them some attributes to hide/show and react on mouseover using SecureAnchorEnter.

However simply loading this testcase addon will already taint most Action Buttons of other addons already and yield the following error:

Code:

[2007/04/28 22:03:42-749-x1]: <event>ADDON_ACTION_BLOCKED:AddOn 'TGBugTestCase' tried to call the protected function 'UNKNOWN'.
<in C code>: ?
<in C code>: ?
<in C code>: in function `UseAction'
Interface\FrameXML\SecureTemplates.lua:218: in function `SecureActionButton_OnClick':
<string>:"*:OnClick":1: in function <[string "*:OnClick"]:1>
(tail call): ?:
<in C code>: in function `securecall'
Interface\FrameXML\SecureStateHeader.lua:998: in function <Interface\FrameXML\SecureStateHeader.lua:979>:

You can download the standalone testcase addon here:
http://xplo.org/wow/addons/tg/TGBugTestCase.zip
Or for viewing convenience:
http://wowi.pastey.net/18679

Please note that I'm not very good with the secure state system yet, I've learned and gathered together my knowledge mostly by looking at existing Addons. As such you'll likely find something I'm doing wrong or unnecessary code, PLEASE point those stupidities out to me.

Did I hit a bug on 2.1 here or am I just doing something terribely wrong that was forbidden recently?

Edit1: This error is existing in build 0.1.0 6607

**Shirik** · 04-28-07, 04:38 PM

I thought we already answered this on #wowi-lounge :/

This is a bug, and Blizzard knows about it. It used to be a lot worse, and they're slowly patching up the issues. It's a bug in their Lua code which is resulting in the execution path to become tainted. As a result, any secure functionality that you try to use which requires use of that code becomes tainted (and reports your addon as the cause). We can pretty much rest assured that it will be fixed before release (slowly, but surely, they're patching them all up).

EDIT: P.S. I think the issue is caused by line 58 of your pastey. If my guess is correct (untested), I think the new feature they added where textures dynamically update for macros could cause an issue there. Nothing more than a guess, though (and I'd blame that more on Blizzard than you... I think what you did should be legal).

Vangual · 04-29-07, 01:40 AM

Thanks Shirik. That's the kinda specific reply i was looking for. Gonna look forward to the next PTR patches then.