Closed Bug 442770 Opened 17 years ago Closed 16 years ago

Infinite recursion calling hasOwnProperty()

Categories

(Tamarin Graveyard :: Virtual Machine, defect, P2)

Product:
Tamarin Graveyard
Component:
Virtual Machine
Platform:
x86
All
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED WORKSFORME
Milestone:
flash10.1

People

(Reporter: cpeyer, Assigned: stejohns)

References

Details

(Keywords: flashplayer)

Attachments

(1 file)

files to repro bug
4.89 KB, application/x-zip-compressed
Details
Attached file files to repro bug
Transferred from player bugbase #232477: Reproduction: 1. Unzip hasOwnProperty.zip. 2. Run proxyloader.swf 3. Click in the green rectangle that is labeled "test". Actual Results: Error: Error #1023: Stack overflow occurred. at Object$/_hasOwnProperty() at Object/http://adobe.com/AS3/2006/builtin::hasOwnProperty() at Object$/_hasOwnProperty() at Object/http://adobe.com/AS3/2006/builtin::hasOwnProperty() at Object$/_hasOwnProperty() at Object/http://adobe.com/AS3/2006/builtin::hasOwnProperty() at Object$/_hasOwnProperty() Expected Results: I expect ProxyTest.getProperty() to be called (see below). override flash_proxy function getProperty(name:*):* { trace("getProperty: name = " + name); return "Hello"; } Workaround: Load the application into a child ApplicationDomain instead of a peer ApplicationDomain. You can see this works by modifying the below code in proxyloader.initialize(): ... var lc:LoaderContext = null; lc = new LoaderContext(false, new ApplicationDomain()); thing6.load(new URLRequest("app.swf"), lc); ... Comment out the second line that sets lc to a peer ApplicationDomain. With the line commented out lc will be null when passed into thing6.load. Transferred Comments: [dloverin 6/23/08] Entered Bug. [dloverin 6/23/08] This bug was found while developing a Flex SDK feature. Please see bug https://bugs.adobe.com/jira/browse/SDK-15820. [mai 6/23/08] Sending to QRB [dloverin 6/23/08] Additional information about the bug. I found this code in ProxyGlue.cpp to be part of the problem. When the infinite recursion happens “Binding b” is zero which seems to kick it off the recursion. #define PROXY_CLASS() ((ProxyClass*)toplevel()->getPlayerClass(abcclass_flash_utils_Proxy)) … Atom ProxyObject::getUintProperty(uint32 i) const { Atom argv[] = { atom(), core()->internUint32 (i)->atom() }; int argc = 1; Binding b = PROXY_CLASS()->getProperty; MethodEnv* method = vtable->methods[urshift(b,3)]; return method->coerceEnter(argc, argv); } [tedcasey 6/23/08] Chris, can you determine if there's a new bug that needs to be filed here, or if the current bug in JIRA just needs to be directed at the VM team? Thanks! [dloverin 6/23/08] I can reproduce this every time using Player 9,0,115,0 and the provided swf. I'm running on Windows XP.
Summary: Infiinite recursion calling hasOwnProperty() → Infinite recursion calling hasOwnProperty()
Keywords: flashplayer
Verified issue still occurs in FP10r12
Flags: in-testsuite?
Flags: flashplayer-triage+
Flags: flashplayer-qrb?
Blocks: AS3_Builtins, 478870
Blocks: 481413
No longer blocks: 478870
Target Milestone: --- → flash10.x
No longer blocks: 481413
Assignee: nobody → stejohns
Severity: normal → major
Priority: -- → P2
Flags: flashplayer-qrb? → flashplayer-qrb+
Not repeating for me in current Argo builds. Chris, can you double-check to see if it's repeating for you?
Verified worksforme Argo 10 1 50 333
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → VERIFIED
No vm testcase possible for ApplicationDomain.
Flags: in-testsuite? → in-testsuite-
Alternate workaround is to create a dummy instance of the Proxy class in the loading SWF. var dummyProxy:Proxy = new Proxy();
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: