Sampler::sampleSpaceCheck might crash if the AS3 callback throws an exception

Status: VERIFIED FIXED
Product: Tamarin
Component: Virtual Machine

Reporter: Alexandru Chiculita
Assigned: Lars T Hansen

(Whiteboard: Has patch)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9
Build Identifier: 8aaad35edfac

Sampler::sampleSpaceCheck doesn't have any TRY/CATCH block, so all the exceptions can go unhandled and crash later in avmplus::ExceptionFrame::throwException(avmplus::Exception*).

Reproducible: Sometimes

Steps to Reproduce:
1. Add a callback that throws exceptions.
2. Create many samples (by executing code) until the buffer is full and the callback kicks in.
3. The callback throws an exception and the shell should crash.
Actual Results:
crash

Expected Results:
no crash
(Reporter)

Comment 1

8 years ago
It cannot be reproduced in shell because it already has a try/catch from the script.

I could reproduce it in AIR while profiling JavaScript that might not have any AS3 on the stack.
(Reporter)

Comment 2

8 years ago
Created attachment 416410 [details] [diff] [review]
patch
Attachment #416410 - Flags: review?(lhansen)
(Assignee)

Comment 3

8 years ago
Comment on attachment 416410 [details] [diff] [review]
patch

Probably good enough - it does not seem worth the bother to propagate the exception any further.

I'll land the patch.
Attachment #416410 - Flags: review?(lhansen) → review+
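The failure mode the report describes, as an added C++ illustration that is neither Tamarin's code nor the attached patch: a sampler whose buffer-full callback may throw, in the unguarded form (the exception unwinds into native frames with no handler, which is the crash when no script try/catch sits above it) and the guarded form, which stops the exception at the callback boundary rather than propagating it further, as the reviewer's remark suggests. Sampler, BufferFullCallback and runSession are hypothetical names chosen here.

```cpp
#include <cstddef>
#include <functional>
#include <stdexcept>
#include <vector>
// Hypothetical stand-in for the script-side callback the sampler fires when its
// buffer fills; in Tamarin that is the AS3 callback, which may throw.
using BufferFullCallback = std::function<void(std::size_t)>;
class Sampler {
public:
    Sampler(std::size_t capacity, BufferFullCallback cb)
        : capacity_(capacity), callback_(cb) {}
    // Before the fix: no handler here, so whatever the callback throws unwinds
    // into native frames that never expected an exception.
    void sampleSpaceCheckUnguarded() {
        if (samples_.size() < capacity_) return;
        callback_(samples_.size());
        samples_.clear();
    }
    // After the fix: the exception stops at the callback boundary, the buffer
    // is still recycled, and the failure is counted instead of lost.
    void sampleSpaceCheckGuarded() {
        if (samples_.size() < capacity_) return;
        try { callback_(samples_.size()); }
        catch (...) { ++swallowed_; }  // a real VM would log the script error here
        samples_.clear();
    }
    void record(int value, bool guarded) {
        samples_.push_back(value);
        if (guarded) sampleSpaceCheckGuarded(); else sampleSpaceCheckUnguarded();
    }
    std::size_t swallowed() const { return swallowed_; }
private:
    std::size_t capacity_;
    BufferFullCallback callback_;
    std::vector<int> samples_;
    std::size_t swallowed_ = 0;
};
// Records `count` samples through a sampler whose callback always throws; returns
// the failures absorbed, or -1 if an exception escaped the sampler (the unhandled
// case that brings down the real VM when nothing above it catches).
int runSession(std::size_t count, bool guarded) {
    Sampler s(4, [](std::size_t) { throw std::runtime_error("callback failed"); });
    try {
        for (std::size_t i = 0; i < count; ++i) s.record(static_cast<int>(i), guarded);
    } catch (const std::exception&) {
        return -1;
    }
    return static_cast<int>(s.swallowed());
}
```

With a buffer of four, ten samples fill it twice: the guarded sampler absorbs two callback failures and keeps profiling, while the unguarded one loses control at the first fill.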
(Assignee)

Updated

8 years ago
Assignee: nobody → lhansen
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
(Assignee)

Updated

8 years ago
Whiteboard: Has patch
(Assignee)

Comment 4

8 years ago
redux changeset: 3275:69c5f43c524b
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED

Comment 5

8 years ago
Engineering work item.  Marking as verified.
Status: RESOLVED → VERIFIED