[Swfdec] Question about SwfdecAsScriptFunction in swfdec
Benjamin Otte
otte at gnome.org
Thu Mar 5 00:19:15 PST 2009
That indeed looks like an oversight. You said you have a testcase for
this that we can add to the testsuite?
Could you send that here, so I don't have to code it?
Cheers,
Benjamin
On Thu, Mar 5, 2009 at 3:17 AM, zou lunkai <zoulunkai at gmail.com> wrote:
> Hello,
>
> I got a question about the script function class(SwfdecAsScriptFunction)
> design in swfdec.
>
> Why doesn't a script function mark its
> target(SwfdecAsScriptFunction::target) in the marking phase? What if the
> function's target has been destroyed while the function itself is still kept
> alive? (Answer myself: then there would be a segfault when executing that
> function)
>
> Let me give a more specific case:
>
> (1)swf(movie) 'A' defines a script function 'movie_a_func()' inside its
> body.
> (2)swf(movie) 'B' loads movie 'A' at runtime by using loadMovieNum('A.swf',
> 2);
> (3)movie 'B' then create a reference to function 'movie_a_func()' , eg.
> movie_b_func = _level2.movie_a_func;
> (4)unload movie 'A' by using _level2.unloadMovie();
> (5)next frame; //Note target of ''movie_a_func', which is 'A' is destroyed
> and collected here.
> (6)call function 'movie_b_func'; // bomb, trying to reference its
> target(movie A) that is already freed.
>
> The above case could happen more easily when set GC threshold to zero(alway
> gc).
>
> The obvious fix to me is always marking the target of a script function, but
> I am not 100% sure if it's the right way. It would be helpful if anyone
> could confirm with me. (BTW, I'v made the real tests described as above.)
>
> Yes, I'll file a bug if get confirmed or at least there is someone
> concerning this mail.
>
>
> --zou
>
>
>
More information about the Swfdec
mailing list