erts: Initialize register that may be referenced by garbage collection

The call_fun() function in the BEAM emulator is supposed to
to put the fun term in the x register following the actual arguments
and environment for the fun. But if the fun is not loaded and
a call to the error_handler:undefined_lambda/3 function is set up,
the x(3) register will not be initialized.

The lack of initialization is very unlikely to cause a problem
in practice, because all of the following things must happen:

1) An unloaded fun must be called (i.e. the fun must have
been received from another node or from a file or dets table).

2) The process must be scheduled out before the call to the
error_handler:undefined_lambda/3 function can take place.

3) The process must be garbage collected before the process
is scheduled in.

4) The x(3) register must contain a stale cons or box pointer
that happens to point into the the heap of the currently
executing process. (Because of the literal pool, the GC will
never copy anything that is outside of the heap.)

I was not able to write a test case that would force an
emulator crash.

1 files changed, 1 insertions, 0 deletions

diff --git a/erts/emulator/beam/beam_emu.c b/erts/emulator/beam/beam_emu.c
index a4fb454481..e96014c665 100644
--- a/erts/emulator/beam/beam_emu.c
+++ b/erts/emulator/beam/beam_emu.c
@@ -6398,6 +6398,7 @@ call_fun(Process* p,		/* Current process. */
 		reg[0] = module;
 		reg[1] = fun;
 		reg[2] = args;
+		reg[3] = NIL;
 		return ep->address;
 	    }
 	}