Advertisement

Return value destructed without being initialized

Started by February 21, 2022 03:49 PM
3 comments, last by WitchLord 2 years, 9 months ago

I received a report from a user with a peculiar crash: https://github.com/openplanet-nl/issues/issues/66

The code in question is the following:

void Render() {
    loop();
}

string loop() {
    float zero = 0;
    float one = 1;
    if (one <= zero) return "aaaa!";

    while (true) {}

    return "bbbb!";
}

The function loop here will infinite loop, after which the script context's line callback aborts the script after a 1 second timeout (using asIScriptContext::Abort)

When it is aborted, asIScriptContext::Unprepare is called, which calls asCContext::CleanStack, which eventually calls a string destructor to be called on what is most definitely an uninitialized string object (the return value?). The program does not crash when the first branching return is commented out however, which I found interesting.

I am using a custom string class together with a custom string factory implemented with asIStringFactory, if it matters. I have not tested this with Angelscript's shipped string addon.

I'll try to reproduce this.

AngelCode.com - game development and more - Reference DB - game developer references
AngelScript - free scripting library - BMFont - free bitmap font generator - Tower - free puzzle game

Advertisement

I've reproduced the problem.

This is related to how the exception handler identifies if an object is initialized or not. There is a gap in the algorithm to handle the case when the returned value is initialized an then the code jumps to the last instruction to return. When this happens the algorithm currently thinks the object is alive from the first return statement until the last, which is why you didn't see the crash when commenting out the branching return.

It doesn't look like a trivial fix though, but I'll try to have it fixed as soon as possible.

AngelCode.com - game development and more - Reference DB - game developer references
AngelScript - free scripting library - BMFont - free bitmap font generator - Tower - free puzzle game

I've fixed this in rev 2769.

Regards,
Andreas

AngelCode.com - game development and more - Reference DB - game developer references
AngelScript - free scripting library - BMFont - free bitmap font generator - Tower - free puzzle game

This topic is closed to new replies.

Advertisement