
Fixed missing type info in object register when returning from sys call

Open bluecataudio opened this issue 8 years ago • 2 comments

I have found a bug in the JIT that crashes the VM when a native function exposed to the scripts both returns a reference or handle value and suspends the execution of the VM: if the execution is not continued before releasing the context, the VM crashes, because the object type register is set to random memory.

This is because the JIT does not set the object type during a system call (it only sets the objectRegister). It probably works in standard scenarios because the asBC_STOREOBJ instruction is called right after, but if execution is suspended during the system call, the VM is in an unstable state.

Here is a proposal to fix this issue, simply setting the objectType pointer together with the objectRegister. Tested on Windows only so far, but it probably does not impact other platforms either.

bluecataudio, Apr 03 '17 09:04

The fix has now also been validated on Mac (XCode4 and XCode7, 10.7 SDK).

bluecataudio, Apr 13 '17 08:04

Added new fixes for AngelScript 2.33.0 compatibility.

bluecataudio, Sep 06 '18 11:09