js-ctypes crash when using callbacks

Status: NEW (Unassigned)
Product / Component: Core :: js-ctypes
Reported: 5 years ago; last updated: 5 years ago
Reporter: albert
Firefox Tracking Flags: (Not tracked)

(Reporter)

Description

5 years ago
I tried to use a callback to a JS function from a native library and it always crashes:

F/libc    (  441): Fatal signal 11 (SIGSEGV) at 0x4a83d240 (code=2)
I/DEBUG   (  442): debuggerd committing suicide to free the zombie!

It can be reproduced with the following code:

Components.utils.import("resource://gre/modules/ctypes.jsm");
var fnptr_t = ctypes.FunctionType(ctypes.default_abi, ctypes.int, []).ptr;
fnptr_t(function() {})();

It works fine in Firefox but crashes in B2G.

Comment 1

5 years ago
(In reply to Albert from comment #0)
> I tryed to use callback to js function from native library and always crash:
> 
> F/libc    (  441): Fatal signal 11 (SIGSEGV) at 0x4a83d240 (code=2)
> I/DEBUG   (  442): debuggerd committing suicide to free the zombie!
> 
> It can be reproduced with the following code:
> 
> Components.utils.import("resource://gre/modules/ctypes.jsm");
> var fnptr_t = ctypes.FunctionType(ctypes.default_abi, ctypes.int, []).ptr;
> fnptr_t(function() {})();

You need to keep your function alive. js-ctypes has no way of tracing function pointers, so if you use a pointer to a GC-ed function you'll crash. My guess is that's what's happening here.

Try:

> Components.utils.import("resource://gre/modules/ctypes.jsm");
> var fnptr_t = ctypes.FunctionType(ctypes.default_abi, ctypes.int, []).ptr;
> var fun = function() {};
> fnptr_t(fun)();
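The lifetime rule in the comment above, as an added example that is not part of the bug report or of js-ctypes itself. js-ctypes only runs inside Firefox/B2G chrome code, so the native side is modelled in plain JavaScript: `NativeFnPtr` stands in for a `ctypes.FunctionType(...).ptr` and deliberately holds only a `WeakRef`, mirroring the untraced function pointer described; `NativeLibrary` and `CallbackKeeper` are assumed names. The keeper is the pattern to take away: one owner on the JS side holds a strong reference to each callback and drops it only after the native library has stopped using the pointer.

```javascript
// Added example, not code from the bug report. Models the js-ctypes hazard:
// a ctypes function pointer does not keep the JS function behind it alive.

// Stand-in for a ctypes.FunctionType(...).ptr value (modelled, not real js-ctypes).
class NativeFnPtr {
  constructor(fn) {
    this.weak = new WeakRef(fn); // holds no strong reference, like js-ctypes
  }
  isAlive() {
    return this.weak.deref() !== undefined;
  }
  call(...args) {
    const fn = this.weak.deref();
    if (fn === undefined) {
      // In real js-ctypes this is where the SIGSEGV from the report would fire.
      throw new Error("callback collected before native code called it");
    }
    return fn(...args);
  }
}

// Stand-in for a native library that stores the pointer and calls through it
// later (modelled; assumes a registerHandler()/fireEvent()-style API).
class NativeLibrary {
  constructor() {
    this.handler = null;
  }
  registerHandler(ptr) {
    this.handler = ptr;
  }
  unregisterHandler() {
    this.handler = null;
  }
  fireEvent(value) {
    return this.handler === null ? null : this.handler.call(value);
  }
}

// The fix described in comment 1: something on the JS side must keep the
// function reachable for as long as native code may call through the pointer.
// The keeper owns the only strong reference; release() is called only after
// the library has dropped the pointer.
class CallbackKeeper {
  constructor() {
    this.pinned = new Map(); // id -> JS function (strong reference)
    this.nextId = 1;
  }
  pin(fn) {
    const id = this.nextId++;
    this.pinned.set(id, fn);
    return { id, ptr: new NativeFnPtr(fn) };
  }
  release(id) {
    return this.pinned.delete(id);
  }
  get size() {
    return this.pinned.size;
  }
}

// Hazardous shape from the report: the anonymous function is unreachable as
// soon as this expression finishes, so the pointer may dangle before any call.
// Whether a later call succeeds depends only on when the collector runs.
function danglingPointer() {
  return new NativeFnPtr(function () { return 1; });
}

// Safe lifecycle: pin -> register -> events -> unregister -> release.
function runPinnedLifecycle() {
  const lib = new NativeLibrary();
  const keeper = new CallbackKeeper();
  const received = [];
  const { id, ptr } = keeper.pin((v) => {
    received.push(v * 2);
    return received.length;
  });
  lib.registerHandler(ptr);
  const calls = [lib.fireEvent(21), lib.fireEvent(5)];
  const aliveWhilePinned = ptr.isAlive();
  lib.unregisterHandler();             // native side no longer holds the pointer ...
  const released = keeper.release(id); // ... only now may the JS reference go
  return { received, calls, aliveWhilePinned, released, pinnedAfterRelease: keeper.size };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(runPinnedLifecycle());
}
```

In real js-ctypes code the same shape is a module-level `Map` (or a field on the object that wraps the native handle) holding the function. A `var fun = function() {}` declared inside a function body stops being a strong reference once that function returns, so the holder has to live at least as long as the native registration does.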
(Reporter)

Comment 2

5 years ago
(In reply to Bobby Holley (:bholley) (on vacation though Dec 4) from comment #1)

> Try:
> 
> > Components.utils.import("resource://gre/modules/ctypes.jsm");
> > var fnptr_t = ctypes.FunctionType(ctypes.default_abi, ctypes.int, []).ptr;
> > var fun = function() {};
> > fnptr_t(fun)();

Same crash happens.

Curiously, when debugging with gdb in single-process mode (./run-gdb.sh) it works fine, but when gdb is attached to a running b2g process (./run-gdb attach pid) it crashes.

However, the crash also happens with the out-of-process feature disabled in Settings > Developer options.
Comment 3

5 years ago
Yoric, I'm on PTO for a while. Can you look into this?

Comment 4

5 years ago
As mentioned by Albert, I can't reproduce it on FF (at least desktop) and I do not have access to a Gonk device. I will see if I can reproduce it on Fennec.

Comment 5

5 years ago
You could also try desktop B2G.
(Reporter)

Comment 6

5 years ago
It works in B2G desktop. It only crashes on otoro and unagi devices.
Comment 7

5 years ago
In that case, there isn't much I can do to reproduce the error. I can't take that bug, sorry.