I received a report from a user with a peculiar crash: https://github.com/openplanet-nl/issues/issues/66​

The code in question is the following:

void Render() {
    loop();
}

string loop() {
    float zero = 0;
    float one = 1;
    if (one <= zero) return "aaaa!";

    while (true) {}

    return "bbbb!";
}

The function loop here will infinite loop, after which the script context's line callback aborts the script after a 1 second timeout (using asIScriptContext::Abort)

When it is aborted, asIScriptContext::Unprepare is called, which calls asCContext::CleanStack, which eventually calls a string destructor to be called on what is most definitely an uninitialized string object (the return value?). The program does not crash when the first branching return is commented out however, which I found interesting.

I am using a custom string class together with a custom string factory implemented with asIStringFactory, if it matters. I have not tested this with Angelscript's shipped string addon.

I'll try to reproduce this.

I've reproduced the problem.

This is related to how the exception handler identifies if an object is initialized or not. There is a gap in the algorithm to handle the case when the returned value is initialized an then the code jumps to the last instruction to return. When this happens the algorithm currently thinks the object is alive from the first return statement until the last, which is why you didn't see the crash when commenting out the branching return.

It doesn't look like a trivial fix though, but I'll try to have it fixed as soon as possible.

I've fixed this in rev 2769.

Regards,
Andreas