How to deal with taint issues? - WoWInterface
Thread Tools Display Modes
05-24-20, 07:30 AM   #1
A Wyrmkin Dreamwalker
Join Date: Feb 2012
Posts: 52
How to deal with taint issues?


I've been the whole morning trying to understand the taint logs and why I'm getting this error in my addon and it doens't make too much sence to me. This is the first time I have to deal with something like this, so I'm a little bit lost.

Here is the log:
5/24 14:59:11.579  Global variable INTERFACE_ACTION_BLOCKED_SHOWN tainted by RareScanner - Interface\FrameXML\UIParent.lua:5448 DisplayInterfaceActionBlockedMessage()
5/24 14:59:11.579      Interface\FrameXML\UIParent.lua:3282 CheckProtectedFunctionsAllowed()
5/24 14:59:11.579      Interface\FrameXML\UIParent.lua:3294 ShowUIPanel()
5/24 14:59:11.579      Interface\AddOns\Blizzard_EncounterJournal\Blizzard_EncounterJournal.lua:2378 EncounterJournal_OpenJournal()
5/24 14:59:11.579      Interface\AddOns\Blizzard_SharedMapDataProviders\DungeonEntranceDataProvider.lua:33 <unnamed>:OnClick()
5/24 14:59:11.579      Interface\AddOns\Blizzard_MapCanvas\Blizzard_MapCanvas.lua:124
5/24 14:59:11.579  Execution tainted by RareScanner while reading EncounterJournalBossButton1 - Interface\AddOns\Blizzard_EncounterJournal\Blizzard_EncounterJournal.lua:1720 EncounterJournal_ClearDetails()
5/24 14:59:11.579      Interface\AddOns\Blizzard_EncounterJournal\Blizzard_EncounterJournal.lua:692 EncounterJournal_DisplayInstance()
5/24 14:59:11.579      Interface\AddOns\Blizzard_EncounterJournal\Blizzard_EncounterJournal.lua:2381 EncounterJournal_OpenJournal()
5/24 14:59:11.579      Interface\AddOns\Blizzard_SharedMapDataProviders\DungeonEntranceDataProvider.lua:33 <unnamed>:OnClick()
5/24 14:59:11.579      Interface\AddOns\Blizzard_MapCanvas\Blizzard_MapCanvas.lua:124
And according to that stacktrace, the line affected is:
Interface\AddOns\Blizzard_EncounterJournal\Blizzard_EncounterJournal.lua:1720 EncounterJournal_ClearDetails():

1719: local bossIndex = 1
1720: local bossButton = _G["EncounterJournalBossButton"..bossIndex];
The error occurs while I'm in combat and I try to click on a "raid" or "dungeon" icon on the worldmap.

My addon doesn't use anything from the EncounterJournal, so I imagine this error comes from somewhere else.

Ideas? I'm not asking for the solution, I'm asking for a guide of how can I find the relation between that error and my bug.

  Reply With Quote
05-24-20, 07:55 AM   #2
A Molten Giant
Ketho's Avatar
AddOn Author - Click to view addons
Join Date: Mar 2010
Posts: 982
Not sure but it might be taint from WorldMapFrame:AddDataProvider() or something else tainting the WorldMapFrame

Which in turn would show an interface action blocked message when calling ShowUIPanel() in combat from now-tainted code

Last edited by Ketho : 05-24-20 at 08:11 AM.
  Reply With Quote
05-24-20, 08:28 AM   #3
A Wyrmkin Dreamwalker
Join Date: Feb 2012
Posts: 52
Hey Ketho.

Thanks for your answer.

The first thing I did was to comment the parts of the code where I was using the "WorldMapFrame", which are in 2 places:
- WorldMapFrame:AddDataProvider()
- WorldMapFrame.overlayFrames

I also modified the library HereBeDragons that I use in my addon to stop using the WorldMapFrame. But yet... the error persists.

  Reply With Quote
05-24-20, 08:50 AM   #4
A Warpwood Thunder Caller
AddOn Author - Click to view addons
Join Date: Sep 2006
Posts: 92
It says that you have tainted EncounterJournalBossButton1 at some point. You will need to look further back in the log to find out where.

Then, during the defualt UI's execution - it read EncounterJournalBossButton1 and tainted itself.

You should post the whole taint log
  Reply With Quote
05-24-20, 09:03 AM   #5
A Scalebane Royal Guard
MunkDev's Avatar
AddOn Author - Click to view addons
Join Date: Mar 2015
Posts: 431
Taint is pretty easy to understand, but these forums make it complicated by saying "you can't trust the logs". What you basically need to do is look for any piece of code that modifies existing Blizzard code without using provided widget API. The problem with taint is generally that you replace methods or variables used in secure scopes, or that you call a method/function that has side effects.

What you can't safely do:
Lua Code:
  1. -- this can spread taint if the method has side effects,
  2. -- such as modifying a table or variable which can be accessed by secure code
  3. SomeBlizzardFrame:MethodImplementedInLua(...);
  4. -- this will taint a key in the table SomeBlizzardFrame,
  5. -- because you modified it from insecure code
  6. SomeBlizzardFrame.someTableKeyUsedByBlizzard = someValue;
  8. -- this is a bad way of hooking/replacing a method.
  9. -- the only way to do it correctly is to use hooksecurefunc
  10. local oldFunction = SomeBlizzardFrame.FunctionYouWantToHook;
  11. function SomeBlizzardFrame:FunctionYouWantToHook(...)
  12.     -- do something new
  13.     oldFunction(self, ...);
  14. end
  16. -- this variable is now tainted, and if it's accessed by secure code,
  17. -- the entire execution path thereafter will also be tainted

The issue with calling existing methods implemented in pure Lua (if you can find the function definition in the Lua source code, it's risky to call it) can be a bit obscure, but I'll show you an example. Let's say you have a function like this:
Lua Code:
  1. function SomeBlizzardFrame:MethodImplementedInLua(...)
  2.     -- function does a bunch of things, but at the end...
  3.     self.update = true;
  4. end
The last line there will taint the frame if YOU call it, but not if Blizzard calls it. This is a side effect, meaning that the function does not only affect the data you send to it, but also some data that persists after the function call. Generally, methods like this that add things to datasets, or stores them somewhere using a normal table, will spread your taint.

Blizzard has workarounds for some things that addons need to be able to access, and in that case you will find Blizzard using securecall to wrap the function call in a secure closure (meaning taint will not affect the outcome), or the opposite forceinsecure to say "we don't know this next bit of code is going to be safe".

The reason you get a weird reference to something you haven't even touched, is that you touched the code somewhere BEFORE that line was executed, which is when the tainted execution path was discovered. You can't trust the log in that sense, but tracing back from where the error occurred will lead to where you modified something that eventually carried taint to the breaking point.

As a rule of thumb, it's easier to look for places where you used/modified existing code indiscriminately, than it is to follow the stack trace from a taint error.

Last edited by MunkDev : 09-20-20 at 04:30 PM.
  Reply With Quote
05-24-20, 09:58 AM   #6
A Wyrmkin Dreamwalker
Join Date: Feb 2012
Posts: 52
MunkDev, thank you very much for your guide.
That's actually what I was looking for.

I've been reading about taint in other places and they make it sound so complicated, when actually is fairly simple. Too bad I didn't have this information when I started to develope the addon, now I will have to review all the code to see where I'm doing the things wrong.

  Reply With Quote
05-24-20, 01:20 PM   #7
nUI Maintainer
Xrystal's Avatar
Premium Member
AddOn Author - Click to view addons
Join Date: Feb 2006
Posts: 5,627
Ditto on that thanks .. it appears nUI's old code used alot of *bad* functionality that was all that was known way back when I assume ... the addon is almost as old as wow rofl.

I'll have to book mark this thread so I can go back to it when I want to go through my addons and make sure that I am not doing anything just as bad myself rofl.
  Reply With Quote

WoWInterface » Developer Discussions » Lua/XML Help » How to deal with taint issues?

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off