Closed Bug 552298 Opened 15 years ago Closed 15 years ago

Shell crashes with 2+ swfs on the commandline

Categories

(Tamarin Graveyard :: Virtual Machine, defect, P4)

Product:
Tamarin Graveyard
Component:
Virtual Machine
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
Q3 11 - Serrano

People

(Reporter: edwsmith, Assigned: edwsmith)

Details

(Whiteboard: Has patch)

Attachments

(1 file)

Allocate ABC buffer and copy into it, stead of pointing to SWF interior
1.56 KB, patch
lhansen
: review+
Details | Diff | Splinter Review
handleDoAbc() creates a ReadOnlyScriptBuffer that points to an ABC within a SWF. PoolObject points to the ReadOnlyScriptBuffer, but the container swf gets unloaded, causing a later crash in string interning code. Easiest fix is to use AvmCore::newScriptBuffer() to allocate and copy the ABC data out of the SWF. Then the SWF can safely be deallocated. Alternate fix is to extend ReadOnlyScriptBuffer to pin the container SWF, ie keep a container pointer in addition to the interior pointer.
Assignee: nobody → edwsmith
Status: NEW → ASSIGNED
Attachment #432426 - Flags: review?(lhansen)
Priority: -- → P4
Target Milestone: --- → flash10.2
Flags: flashplayer-qrb+
Target Milestone: flash10.2 → flash10.1
Whiteboard: Has patch
Attachment #432426 - Flags: review?(lhansen) → review+
pushed http://hg.mozilla.org/tamarin-redux/rev/927c292f7151
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Target Milestone: flash10.1 → flash10.2
verified -Dverifyonly with multiple swfs does not crash shell.
Status: RESOLVED → VERIFIED
Flags: flashplayer-bug+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: