Status: Accepted
Owner: peter.rybin
Labels: Type-Bug Priority-Medium
New issue 915 by erik.corry: liveedit iterates incorrectly over the pointers in the stack
http://code.google.com/p/v8/issues/detail?id=915
In VisitPointers in liveedit.cc we iterate over the heap and collect
pointers to the code objects. These are later fixed in the Replace method
lower down.
This way of doing things doesn't work. The pointers you get in
VisitPointers are not necessarily valid after you return from
VisitPointers. See for example StackFrame::IteratePc in frames.cc. Here
the pointer passed to the visitor is a local variable on the stack. By the
time the Replace method runs this is a stray pointer pointing into some
random place on or below the stack. There are other places, particularly
on 64-bit, where there is no straight pointer on the heap. In these cases
we also have to do something similar to StackFrame::IteratePc, where a
temporary on the stack is passed to the visitor.
This bug was found with the help of valgrind. There are no known crashes
yet.
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
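The failure mode described in the report, modelled as an added illustration. This is hypothetical C++ written for this page, not V8's liveedit.cc or frames.cc: CodeRange, HeapObject, StackFrame, DeferredVisitor and ImmediateVisitor are invented names. It keeps only the shape that matters: a frame iterator that re-derives the code object holding its pc into a local, hands the visitor the address of that local, and re-derives the pc from it afterwards. A visitor that records slots and patches them later therefore ends up holding the address of a dead stack variable; a visitor that patches while the slot is live works for both heap slots and frame temporaries. The dangling slot is detected by address-range comparison only, it is never written through, because doing so is exactly the bug.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Hypothetical model (not V8's code): a code object is an address range.
struct CodeRange {
  std::uintptr_t start;
  std::size_t size;
  bool Contains(std::uintptr_t pc) const { return pc >= start && pc < start + size; }
};

class ObjectVisitor {
 public:
  virtual ~ObjectVisitor() = default;
  virtual void VisitPointer(CodeRange** slot) = 0;
};

// A heap object owns a real slot; its address stays valid after Iterate().
struct HeapObject {
  CodeRange* code;
  void Iterate(ObjectVisitor* v) { v->VisitPointer(&code); }
};

// A frame stores only a raw pc. The holder code object is recomputed into a
// local, so the slot the visitor sees is a stack temporary (the IteratePc shape).
class StackFrame {
 public:
  StackFrame(std::uintptr_t pc, std::vector<CodeRange*>* code_space)
      : pc_(pc), code_space_(code_space) {}
  std::uintptr_t pc() const { return pc_; }

  void IteratePc(ObjectVisitor* v) {
    CodeRange* holder = nullptr;                  // dies when this returns
    for (CodeRange* c : *code_space_) if (c->Contains(pc_)) holder = c;
    if (holder == nullptr) return;
    std::uintptr_t offset = pc_ - holder->start;
    v->VisitPointer(&holder);                     // must be acted on now
    pc_ = holder->start + offset;                 // relocate pc if holder changed
  }

 private:
  std::uintptr_t pc_;
  std::vector<CodeRange*>* code_space_;
};

// Buggy shape: collect slots during the visit, patch them later. No Replace()
// is implemented here on purpose: writing through the frame slot would be a
// write to a dead stack variable.
class DeferredVisitor : public ObjectVisitor {
 public:
  void VisitPointer(CodeRange** slot) override { slots_.push_back(slot); }

  // Count recorded slots that lie outside every known live object; those are
  // the stack temporaries that are stale by the time a deferred patch runs.
  std::size_t StaleSlots(const std::vector<std::pair<const void*, std::size_t>>& live) const {
    std::size_t stale = 0;
    for (CodeRange** s : slots_) {
      auto a = reinterpret_cast<std::uintptr_t>(s);
      bool inside = false;
      for (const auto& r : live) {
        auto b = reinterpret_cast<std::uintptr_t>(r.first);
        if (a >= b && a < b + r.second) inside = true;
      }
      if (!inside) ++stale;
    }
    return stale;
  }

 private:
  std::vector<CodeRange**> slots_;
};

// Fixed shape: rewrite the slot inside the callback, while it is guaranteed live.
class ImmediateVisitor : public ObjectVisitor {
 public:
  ImmediateVisitor(CodeRange* from, CodeRange* to) : from_(from), to_(to) {}
  void VisitPointer(CodeRange** slot) override { if (*slot == from_) *slot = to_; }

 private:
  CodeRange* from_;
  CodeRange* to_;
};

struct Result { std::uintptr_t frame_pc; bool heap_updated; std::size_t stale; };

// Constructed scenario: one heap slot and one frame whose pc is 0x40 bytes
// into old_code; old_code is to be replaced by new_code.
Result RunScenario() {
  CodeRange old_code{0x1000, 0x100};
  CodeRange new_code{0x5000, 0x100};
  std::vector<CodeRange*> code_space{&old_code, &new_code};
  HeapObject obj{&old_code};
  StackFrame frame(0x1040, &code_space);

  DeferredVisitor deferred;
  obj.Iterate(&deferred);                       // stable slot recorded
  frame.IteratePc(&deferred);                   // address of dead local recorded
  std::size_t stale = deferred.StaleSlots({{&obj, sizeof(obj)}, {&frame, sizeof(frame)}});

  ImmediateVisitor now(&old_code, &new_code);
  obj.Iterate(&now);
  frame.IteratePc(&now);                        // pc relocated into new_code
  return {frame.pc(), obj.code == &new_code, stale};
}

int main() {
  Result r = RunScenario();
  std::printf("frame pc after immediate patch: 0x%lx (heap slot updated: %d)\n",
              static_cast<unsigned long>(r.frame_pc), r.heap_updated ? 1 : 0);
  std::printf("stale slots recorded by deferred visitor: %zu\n", r.stale);
  return 0;
}
```

The deferred visitor records two slots but only one of them (the heap object's) is still storage it may write to; the frame's slot was the local in IteratePc. The immediate visitor needs no record at all: it carries the old/new pair with it and rewrites each slot during the callback, which is the only point at which a slot handed out this way is guaranteed valid.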