Closed Bug 532887 Opened 15 years ago Closed 15 years ago

Sampler::sampleSpaceCheck might crash if the AS3 callback throws an exception

Categories

(Tamarin Graveyard :: Virtual Machine, defect)

Product:
Tamarin Graveyard
Component:
Virtual Machine
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: achicu, Assigned: lhansen)

Details

(Whiteboard: Has patch)

Attachments

(1 file)

patch
591 bytes, patch
lhansen
: review+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9
Build Identifier: 8aaad35edfac

Sampler::sampleSpaceCheck doesn't have any TRY/CATCH block, so all the exceptions can go unhandled and crash later in avmplus::ExceptionFrame::throwException(avmplus::Exception*).

Reproducible: Sometimes

Steps to Reproduce:
1. add a callback that throws exceptions.
2. create many samples (by executing code) until the buffer is full and the callback kicks in.
3. The callback throws exception and the shell should crash.
Actual Results:  
crash

Expected Results:  
no crash
It cannot be reproduced in shell because it already has a try/catch from the script.

I could reproduce it in AIR while profiling javascript that might not have any AS3 on the stack.
Attached patch patchSplinter Review 

        Attachment #416410 -
        Flags: review?(lhansen)

    
    

    
  
Comment on attachment 416410 [details] [diff] [review]
patch

Probably good enough - it does not seem worth the bother to propagate the exception any further.

I'll land the patch.

        Attachment #416410 -
        Flags: review?(lhansen) → review+

    
  
Assignee: nobody → lhansen
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

    
  
Whiteboard: Has patch

    
    

    
  
redux changeset:   3275:69c5f43c524b
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED

    
    

    
  
Engineering work item.  Marking as verified.
Status: RESOLVED → VERIFIED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: