aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBjörn Gustavsson <[email protected]>2018-02-09 10:27:38 +0100
committerBjörn Gustavsson <[email protected]>2018-02-09 11:54:18 +0100
commit73ff9fa2126d96e5b30d01abd6c4560407f295e4 (patch)
tree030a07de85528f5f7450115490bec59363846d3e
parent9be186620d86b60791f20ddf5d051c63d576e737 (diff)
downloadotp-73ff9fa2126d96e5b30d01abd6c4560407f295e4.tar.gz
otp-73ff9fa2126d96e5b30d01abd6c4560407f295e4.tar.bz2
otp-73ff9fa2126d96e5b30d01abd6c4560407f295e4.zip
Check that the stack is initialized when an exception may occur
Strengthen beam_validator to check that the stack is initialized when an instruction with an {f,0} operand is executed. For example, the following code sequence: {allocate,0,1}. {bif,element,{f,0},[{integer,1},{x,0}],{x,0}}. should not be accepted because the stack may be scanned if element/2 fails. That could cause a crash or other undefined behavior if garbage on the stack looks like a catch tag.
-rw-r--r--lib/compiler/src/beam_validator.erl7
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/compiler/src/beam_validator.erl b/lib/compiler/src/beam_validator.erl
index 6219bc6894..ea38969814 100644
--- a/lib/compiler/src/beam_validator.erl
+++ b/lib/compiler/src/beam_validator.erl
@@ -1329,7 +1329,12 @@ branch_arities([Sz,{f,L}|T], Tuple, #vst{current=St}=Vst0)
Vst = branch_state(L, Vst1),
branch_arities(T, Tuple, Vst#vst{current=St}).
-branch_state(0, #vst{}=Vst) -> Vst;
+branch_state(0, #vst{}=Vst) ->
+ %% If the instruction fails, the stack may be scanned
+ %% looking for a catch tag. Therefore the Y registers
+ %% must be initialized at this point.
+ verify_y_init(Vst),
+ Vst;
branch_state(L, #vst{current=St,branched=B}=Vst) ->
Vst#vst{
branched=case gb_trees:is_defined(L, B) of