Closed Bug 554504 Opened 14 years ago Closed 14 years ago

Possible crash in AvmCore::throwErrorV() in non-debugger builds

Categories

(Tamarin Graveyard :: Virtual Machine, defect, P2)

Tracking

(Not tracked)

RESOLVED FIXED
Q3 11 - Serrano

People

(Reporter: wmaddox, Assigned: lhansen)

Details

(Whiteboard: Has patch)

Attachments

(1 file)

The code below will dereference NULL in a non-debugger build should type == NULL.  This is presumably an erroneous condition, but one that is allowed for.  We should at least cleanly terminate.

This issue was detected by static analysis and does not reflect an actual observed failure.

    void AvmCore::throwErrorV(ClassClosure *type, int errorID, Stringp arg1, Stringp arg2, Stringp arg3)
    {
        Stringp out = formatErrorMessageV( errorID, arg1, arg2, arg3);

        #ifdef DEBUGGER
        if (type == NULL)
        {
            // print the error message, because we're still bootstrapping
            // and the exception type is not yet defined
            console << out << "\n";
        }
        #endif

        Atom args[3] = { nullObjectAtom, out->atom(), intToAtom(errorID) };
        throwAtom(type->construct(2, args));
    }
Even in DEBUGGER, it will dereference a NULL type.  The erroneous condition is only possible when the VM is bootstrapping itself, indicating a bug in the VM itself and not something a working VM could ever experience at runtime.  Ideally the whole #ifdef DEBUGGER block should be turned into an AvmAssertMsg.
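As an added illustration of the defect in the report and the fix suggested in the comment above (example code, not Tamarin's own; ClassClosure, Atom, formatErrorMessageV, throwAtom and vmFatal are hypothetical stand-ins for the VM's types and helpers): the reported shape, whose NULL guard exists only under DEBUGGER and only logs before falling through to the dereference, next to a form whose guard is compiled into every build and terminates cleanly, in the spirit of the proposed AvmAssertMsg.

```cpp
// Added example, not Tamarin's code. All types below are hypothetical stand-ins
// for AvmCore, ClassClosure, Stringp and Atom, kept just large enough to show
// the control flow of throwErrorV in both the reported and the hardened form.
#include <cstdio>
#include <cstdlib>
#include <string>

struct Atom { std::string text; };

// Stand-in for ClassClosure: construct() builds the error object from the
// (message, id) arguments, mirroring what throwErrorV passes to it.
struct ClassClosure {
    std::string name;
    Atom construct(int argc, const Atom* args) {
        std::string s = name + "(";
        for (int i = 0; i < argc; ++i) s += (i ? ", " : "") + args[i].text;
        return Atom{s + ")"};
    }
};

// Stand-in for formatErrorMessageV: "Error #<id>: <arg1>".
static std::string formatErrorMessageV(int errorID, const std::string& arg1) {
    return "Error #" + std::to_string(errorID) + ": " + arg1;
}

// Models throwAtom(): the VM raises the constructed error object.
struct VmException { Atom payload; };
[[noreturn]] static void throwAtom(const Atom& a) { throw VmException{a}; }

// Models clean termination. The default path prints and aborts; a test can
// install a handler that throws, so the path is observable without dying.
struct BootstrapFailure { std::string what; };
static void (*g_fatalHandler)(const std::string&) = nullptr;
[[noreturn]] static void vmFatal(const std::string& msg) {
    if (g_fatalHandler) g_fatalHandler(msg);
    std::fprintf(stderr, "fatal: %s\n", msg.c_str());
    std::abort();   // never fall through to the dereference
}

// Shape of the reported code: the guard only logs, and only exists when
// DEBUGGER is defined, so a NULL type is dereferenced in every build.
static void throwErrorV_asReported(ClassClosure* type, int errorID, const std::string& arg1) {
    std::string out = formatErrorMessageV(errorID, arg1);
#ifdef DEBUGGER
    if (type == nullptr)
        std::fprintf(stderr, "%s\n", out.c_str());   // logs, then still dereferences
#endif
    Atom args[2] = { Atom{out}, Atom{std::to_string(errorID)} };
    throwAtom(type->construct(2, args));
}

// Hardened form: the check is unconditional and terminates cleanly instead of
// reaching type->construct() with a NULL type.
static void throwErrorV_hardened(ClassClosure* type, int errorID, const std::string& arg1) {
    std::string out = formatErrorMessageV(errorID, arg1);
    if (type == nullptr)
        vmFatal("exception type not defined during bootstrap: " + out);
    Atom args[2] = { Atom{out}, Atom{std::to_string(errorID)} };
    throwAtom(type->construct(2, args));
}

enum class Outcome { ThrewAtom, FatalBootstrap, ReturnedNormally };

// Drives one variant and classifies what happened; the fatal handler is swapped
// for a throwing one so the abort path becomes an observable return value.
template <typename F>
static Outcome drive(F fn, ClassClosure* type, int errorID, std::string* payload = nullptr) {
    g_fatalHandler = [](const std::string& m) { throw BootstrapFailure{m}; };
    try { fn(type, errorID, "bad thing"); }
    catch (const VmException& e) { if (payload) *payload = e.payload.text; return Outcome::ThrewAtom; }
    catch (const BootstrapFailure& b) { if (payload) *payload = b.what; return Outcome::FatalBootstrap; }
    return Outcome::ReturnedNormally;
}

int main() {
    ClassClosure errorClass{"Error"};
    std::string p;
    drive(throwErrorV_asReported, &errorClass, 1001, &p);
    std::printf("reported, with type:  %s\n", p.c_str());
    drive(throwErrorV_hardened, &errorClass, 1001, &p);
    std::printf("hardened, with type:  %s\n", p.c_str());
    drive(throwErrorV_hardened, nullptr, 1001, &p);
    std::printf("hardened, NULL type:  %s\n", p.c_str());
    // throwErrorV_asReported(nullptr, ...) would dereference NULL here, with or
    // without -DDEBUGGER, which is the crash the report describes.
    return 0;
}
```

Building with and without -DDEBUGGER makes the point of the report visible: the as-reported variant behaves identically on a NULL type in both builds, because the guard never prevents the dereference, while the hardened variant reaches vmFatal in either build.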
Flags: flashplayer-qrb+
Priority: -- → P2
Target Milestone: --- → flash10.1
Retargeting to 10.2, not a critical issue.
Target Milestone: flash10.1 → flash10.2
Assignee: nobody → lhansen
Attached patch: Patch
Attachment #438140 - Flags: review?(edwsmith)
Status: NEW → ASSIGNED
Whiteboard: Has patch
Attachment #438140 - Flags: review?(edwsmith) → review+
tamarin-redux changeset:   4384:95d7dd9119aa
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Flags: flashplayer-bug+