Closed Bug 437715 Opened 17 years ago Closed 17 years ago

Verifier.merge() receives MIR_ld for current and target when it should be getting MIR_def

Categories

(Tamarin Graveyard :: Virtual Machine, defect)

Product:
Tamarin Graveyard
Component:
Virtual Machine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
flash10

People

(Reporter: cpeyer, Assigned: wsharp)

Details

Bug transferred from player bugbase: 223394 Following is the transferred bug - the relevant parts are really just at the end of the bug in magnus' comments: PROBLEM: When I attempt to log in to LiveCycle Workspace using Flash build 10.0.1.211 the 'working' icon spins and spins but I never get authenticated and I am unable to access the contents of Workspace. METHOD: Using Flash build 10.0.1.211 attempt to login to LiveCycle Workspace (You can use http://gatewaywin3:8080/Workspace and jack/password) (Note: I did install the debug Flash player but no error was presented to the user and no error gets logged to the JBoss log file. However I was told by Jennifer Chang that she tried FireFox and received the following error: "Illegal Operation in Plug-in" then she was advised to restart FireFox.) RESULT: You are successfully presented with the Login page (so Workspace detects that Flash is installed) You will notice that you are unable to log in. EXPECTED: I should be able to login and access Workspace. WORKAROUND: I can use Flash 9. Transferred Comments: Watson Bug #1777121; Flash Player 10; johnchen; 05/06/2008 11:59AM I installed 9r124 release on IE6 and still can't login to http://gatewaywin3:8080/Workspace Watson Bug #1777121; Flash Player 10; johnchen; 05/06/2008 11:59AM I installed 9r124 release on IE6 and still can't login to http://gatewaywin3:8080/Workspace Watson Bug #1777121; Flash Player 10; cmckeon; 05/06/2008 12:07PM from Ben Helleman - So let me try to explain what I’m seeing. I don’t believe it has anything to do with Authentication or any security related issues. The issue which I’m seeing is when a Flex Data Services application is making a call to an Assembler on the server, the Assembler returns the value, however the player never receives the return value from the server, so the result or fault handlers never are called. I tried hitting a different application which Jeff was hosting and my Flash Player plugin blew sky-high just after loading the application, which you know makes things difficult to test. I was using the b214 build. If you need more info, give me a shout at x53890. Watson Bug #1777121; Flash Player 10; ecostell; 05/06/2008 12:35PM Open to Jim: Fully qualified path: http://gatewaywin3.can.adobe.com:8080/workspace. Jack (UserId) and password (Password). Watson Bug #1777121; Flash Player 10; jcorbett; 05/06/2008 1:16PM I logged in fine with 10.0d473 on IE7. Watson Bug #1777121; Flash Player 10; jcorbett; 05/06/2008 1:37PM Worked in Firefox 2.0 and IE with b214 as well. Watson Bug #1777121; Flash Player 10; bhellema; 05/12/2008 5:38AM I have tried builds 214 and 218 and neither of them have worked for me or Robert Hache. There still seems to be an issue with the Data Services layer communicating back to Flex. Watson Bug #1777121; Flash Player 10; jcorbett; 05/13/2008 4:25PM Still can't repro - off to Magnus as he can. Watson Bug #1777121; Flash Player 10; magnus; 05/14/2008 4:51PM CodegenMIR::merge (part of the VM) gets called for the wrong portion of code to merge. A check for MIR_def is a workaround. Still searching for the root cause. Watson Bug #1777121; Flash Player 10; magnus; 05/16/2008 4:49PM injected by change 403826 Watson Bug #1786349; LiveCycle 8.2.1; trbaker; 05/20/2008 6:04AM Ed, can you take a look at this? Is there more to it than FP bug 1777121? Also see fpbugapp # 225085, so I think even if we got past this DMS with tbeta 2 of FP10 isn't usable. Watson Bug #1786349; LiveCycle 8.2.1; trbaker; 05/20/2008 10:34AM Per Ed, This is a dupe of fpbugapp # 225085. The client does receive the response from the server but then crashes in the early stages of handling the response. Watson Bug #1786349; LiveCycle 8.2.1; trbaker; 05/20/2008 1:24PM Marking bug same status as 1777132, totest/waiting and clearing "fix for version" Watson Bug #1777132; LiveCycle 8.2.1; sujatab; 05/20/2008 3:28PM BRC: Flash 10 is not supported. Flash 10 ships in September. Either defer this bug to SP release or later. Watson Bug #1777132; LiveCycle 8.2.1; cmorris; 05/21/2008 7:10AM Closing, as this is a Flash bug. Will track through 1777121. Watson Bug #1777121; Flash Player 10; cmorris; 05/21/2008 7:11AM Bug #1777132 has been changed to Closed/Withdrawn/NotThisProduct Watson Bug #1786349; LiveCycle 8.2.1; cmorris; 05/21/2008 7:11AM Bug #1777132 has been changed to Closed/Withdrawn/NotThisProduct Watson Bug #1786349; LiveCycle 8.2.1; sthompso; 05/21/2008 7:44AM Closing Withdrawn. Watson Bug #1777121; Flash Player 10; sthompso; 05/21/2008 7:44AM Bug #1786349 has been changed to Closed/Withdrawn/NotThisProduct Watson Bug #1777132; LiveCycle 8.2.1; sthompso; 05/21/2008 7:44AM Bug #1786349 has been changed to Closed/Withdrawn/NotThisProduct Watson Bug #1777121; Flash Player 10; magnus; 05/28/2008 12:02PM this bug is deep within the VM, take more than a day to fix this while working/learning with Rick and/or Ed. Watson Bug #1777121; Flash Player 10; magnus; 05/28/2008 4:24PM he issue is Verifier.merge() receives MIR_ld for current and target when it should be getting MIR_def. may need to transfer to Rick R. or Edwin S. for a quicker fix on this.
Here is the changelist description for p4 change 403826 (cause of this bug): ABC bytecode that sets a local right before a try block can sneak an untyped atom into the catch block which will then treat it as an object to execute arbitrary code. Found by code inspection/super-duper-brain-power by Ed Smith. push int 0xBADPTR setlocal 1 // verifier says this is an int try { throw OP_kill // verifier was changing type to * } catch { setlocal 1 // loads BADPTR as * callprop // deferences bad ptr } Dev/QA impact: n/a QA testing notes: n/a API change: n/a Bugs fixed: http://frpbugapp.macromedia.com/bugapp/detail.asp?ID=220520 Doc impact: n/a Smokes passed: ATS+, checkinapp Silk Test Passed: n/a Reviewer: n/a Spec link: n/a
Assignee: nobody → wsharp
Target Milestone: --- → flash10
Fixed in player codebase with change 427287
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Resolved fixed engineering / work item that has been pushed. Setting status to verified.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.