From 22cfda86e15600f8b3622c7ed4101366199e1843 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Gustavsson?= Date: Fri, 4 Mar 2011 14:10:39 +0100 Subject: erts: Initialize register that may be referenced by garbage collection The call_fun() function in the BEAM emulator is supposed to to put the fun term in the x register following the actual arguments and environment for the fun. But if the fun is not loaded and a call to the error_handler:undefined_lambda/3 function is set up, the x(3) register will not be initialized. The lack of initialization is very unlikely to cause a problem in practice, because all of the following things must happen: 1) An unloaded fun must be called (i.e. the fun must have been received from another node or from a file or dets table). 2) The process must be scheduled out before the call to the error_handler:undefined_lambda/3 function can take place. 3) The process must be garbage collected before the process is scheduled in. 4) The x(3) register must contain a stale cons or box pointer that happens to point into the the heap of the currently executing process. (Because of the literal pool, the GC will never copy anything that is outside of the heap.) I was not able to write a test case that would force an emulator crash. --- erts/emulator/beam/beam_emu.c | 1 + 1 file changed, 1 insertion(+) (limited to 'erts/emulator/beam') diff --git a/erts/emulator/beam/beam_emu.c b/erts/emulator/beam/beam_emu.c index a4fb454481..e96014c665 100644 --- a/erts/emulator/beam/beam_emu.c +++ b/erts/emulator/beam/beam_emu.c @@ -6398,6 +6398,7 @@ call_fun(Process* p, /* Current process. */ reg[0] = module; reg[1] = fun; reg[2] = args; + reg[3] = NIL; return ep->address; } } -- cgit v1.2.3