
[Gnash-commit] [SCM] Gnash branch, master, updated. release_0_8_9_final-


From: Sandro Santilli
Subject: [Gnash-commit] [SCM] Gnash branch, master, updated. release_0_8_9_final-1807-g7565dad
Date: Fri, 01 Nov 2013 13:11:03 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Gnash".

The branch, master has been updated
       via  7565dad5522580c9889209d3cf80c79de9a1bb11 (commit)
      from  d96607842f42e71d2f11fa0236055e52ae6fd48d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit//commit/?id=7565dad5522580c9889209d3cf80c79de9a1bb11


commit 7565dad5522580c9889209d3cf80c79de9a1bb11
Author: Sandro Santilli <address@hidden>
Date:   Fri Nov 1 13:29:39 2013 +0100

    Fix infinite loop in GC mark phase for XML objects (bug #40440)
    
    Includes testcase

diff --git a/NEWS b/NEWS
index fbc6d1c..b2be13f 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,7 @@ Improvements since 0.8.10 release are:
  * Fix build against recent Boost and FFMPEG.
  * Fix support for GIFLIB-5.0 (#39482)
  * Fix regression in dynamic sound loading (#33760).
+ * Fix infinite loop in GC mark phase for XML object (bug #40440)
 
 Gnash 0.8.10
 2012/02/04
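Review bot: The added NEWS line writes the tracker reference as "(bug #40440)" while the entries just above it use the bare form "(#39482)" and "(#33760)", and it says "XML object" where the commit message says "XML objects". Suggest " * Fix infinite loop in GC mark phase for XML objects (#40440)." so the entry matches its neighbours and the commit subject.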
diff --git a/libcore/asobj/XMLNode_as.cpp b/libcore/asobj/XMLNode_as.cpp
index 2aee2da..70826b2 100644
--- a/libcore/asobj/XMLNode_as.cpp
+++ b/libcore/asobj/XMLNode_as.cpp
@@ -83,7 +83,8 @@ XMLNode_as::XMLNode_as(Global_as& gl)
     _parent(0),
     _attributes(new as_object(gl)),
     _childNodes(0),
-    _type(Element)
+    _type(Element),
+    _gcMarkInProgress(false)
 {
 }
 
@@ -96,7 +97,8 @@ XMLNode_as::XMLNode_as(const XMLNode_as& tpl, bool deep)
     _childNodes(0),
     _name(tpl._name),
     _value(tpl._value),
-    _type(tpl._type)
+    _type(tpl._type),
+    _gcMarkInProgress(false)
 {
     // only clone children if in deep mode
     if (deep) {
@@ -475,6 +477,10 @@ XMLNode_as::setReachable()
     // If there is a parent, make sure its object is reachable. This goes
     // up towards the root node of tree without marking the XMLNode
     // resources (which would cause infinite recursion).
+    if ( _gcMarkInProgress ) return;
+
+    GCMarkGuard markGuard(this);
+
     if (_parent && _parent->_object) _parent->_object->setReachable();
 
        // Mark children
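Review bot: The early return and the guard are inserted between the existing comment about walking up to the parent and the `_parent` line that comment documents, so the comment now reads as if it described the re-entrancy check. Move `if ( _gcMarkInProgress ) return;` and `GCMarkGuard markGuard(this);` above that comment and give them their own one-line comment stating that a node already being marked is skipped. Separately, the flag only stops this one traversal: the testcase in this commit builds a parent/child cycle with two `appendChild` calls, so other code that walks children recursively (the deep-clone branch of the copy constructor and `stringify` appear in this patch's context, though their bodies do not) should be checked for the same unbounded recursion on ActionScript from an untrusted movie, or the cycle should be rejected in `appendChild`.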
@@ -487,7 +493,6 @@ XMLNode_as::setReachable()
     if (_object) _object->setReachable();
 
     if (_childNodes) _childNodes->setReachable();
-
 }
 
 void
diff --git a/libcore/asobj/XMLNode_as.h b/libcore/asobj/XMLNode_as.h
index 030d537..45c7254 100644
--- a/libcore/asobj/XMLNode_as.h
+++ b/libcore/asobj/XMLNode_as.h
@@ -266,6 +266,25 @@ private:
     static void stringify(const XMLNode_as& xml, std::ostream& xmlout,
             bool encode);
 
+    /// Is GC mark scan in progress ? 
+    //
+    /// Used to guard against infinite loops
+    ///
+    bool _gcMarkInProgress;
+
+    /// Class to prevent infinite loops
+    //
+    /// could probably be replaced with a templated class taking an
+    /// object and two values to toggle between.
+    /// See also FrameGuard, TargetGuard and PoolGuard
+    class GCMarkGuard {
+        XMLNode_as* _x;
+    public:
+        GCMarkGuard(XMLNode_as* x): _x(x) { _x->_gcMarkInProgress = true; }
+        ~GCMarkGuard() { _x->_gcMarkInProgress = false; }
+    };
+    friend class GCMarkGuard;
+
 };
 
 // Initialize the global XMLNode class
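Review bot: `~GCMarkGuard()` writes `false` unconditionally, so the guard is only correct because `setReachable()` returns before constructing it when the flag is already set; a guard constructed while the flag is true, or an accidental copy of the guard (it keeps the implicit copy constructor and assignment), would clear the flag while an outer mark is still running. Suggest saving the previous value in the constructor and restoring it in the destructor, marking the one-argument constructor `explicit`, and declaring the copy operations private and unimplemented. The first added doc-comment line also carries trailing whitespace after the `?`.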
diff --git a/testsuite/actionscript.all/XMLNode.as 
b/testsuite/actionscript.all/XMLNode.as
index bcc254b..33d28de 100644
--- a/testsuite/actionscript.all/XMLNode.as
+++ b/testsuite/actionscript.all/XMLNode.as
@@ -411,8 +411,15 @@ check_equals(xn.toString(), "");
 //       if the test was successful or not...
 x = new XML('<t></t>'); x.appendChild(new XML('<t></t>'));
 var x2 = new XML('<t></t>'); x2.appendChild(x); delete x2;
+
 // many allocations force GC run
 for (var i=0; i<256; ++i) x = {};
 
+// Test infinite loop: https://savannah.gnu.org/bugs/index.php?40440
+// will crash when affected
+xl1 = new XML('<t></t>');
+xl2 = new XML('<t></t>');
+xl1.appendChild(xl2);
+xl2.appendChild(xl1);
 
 check_totals(182);
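Review bot: The cycle between `xl1` and `xl2` is created after the `for (var i=0; i<256; ++i) x = {};` loop that forces a collection, and nothing allocates between `xl2.appendChild(xl1);` and `check_totals(182)`, so these lines do not show that a GC mark pass ever runs while the cycle exists. Repeat the allocation loop after the second `appendChild` so the regression is exercised deterministically rather than depending on when the collector next happens to run. The comment says "will crash when affected" where the commit message describes an infinite loop; state which failure the harness will actually report, and declare `xl1` and `xl2` with `var` as the context line does for `x2`.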

-----------------------------------------------------------------------

Summary of changes:
 NEWS                                  |    1 +
 libcore/asobj/XMLNode_as.cpp          |   11 ++++++++---
 libcore/asobj/XMLNode_as.h            |   19 +++++++++++++++++++
 testsuite/actionscript.all/XMLNode.as |    7 +++++++
 4 files changed, 35 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
Gnash


