'Run object as method' is flawed in VM

Igor Stasenko
 
I tried to play with this feature and found that if I install a
smallinteger into method dictionary as a method
and then try to invoke that method, my VM is crashing.

testCrashWithSmallInt
        self class methodDict at: #answer10 put: 10.
        self should: [self answer10] raise: MessageNotUnderstood.
        self class basicRemoveSelector: #answer10.


Wed Dec 09 07:32:43 2009

Exception code: C0000005
Exception addr: 0040C08F
Access violation (read access) at 00000015
EAX:02ECD658 EBX:00000022 ECX:027FBAA8 EDX:00000015
ESI:02ECD570 EDI:00000000 EBP:01250004 ESP:0006FA48
EIP:0040C08F EFL:00010246
FP Control: FFFF027F
FP Status:  FFFF0120
FP Tag:     FFFFFFFF


VM Version: Squeak 3.11.2 (alpha) from Mar 27 2009
Compiler: gcc 2.95.2 19991024 (release)

Current byte code: 209
Primitive index: 199

Loaded plugins:
        SocketPlugin 27 March 2009 (i)
        SoundPlugin 6 March 2009 (i)
        LargeIntegers v1.5 6 March 2009 (i)
        Matrix2x3Plugin 6 March 2009 (i)
        FloatArrayPlugin 6 March 2009 (i)
        B2DPlugin 6 March 2009 (i)
        BitBltPlugin 6 March 2009 (i)
        SecurityPlugin 6 March 2009 (i)
        FilePlugin 6 March 2009 (i)
        MiscPrimitivePlugin 6 March 2009 (i)


Stack dump:

49085392 TestObjectsAsMethods>testCrashWithSmallInt
49085300 TestCase>executeShould:inScopeOf:

--
Best regards,
Igor Stasenko AKA sig.

Re: 'Run object as method' is flawed in VM

Igor Stasenko
 
See the bug report
http://bugs.squeak.org/view.php?id=7426

with test attached there.

--
Best regards,
Igor Stasenko AKA sig.

Re: 'Run object as method' is flawed in VM

David T. Lewis
In reply to this post by Igor Stasenko
 
On Wed, Dec 09, 2009 at 07:39:03AM +0200, Igor Stasenko wrote:
>  
> I tried to play with this feature and found that if I install a
> smallinteger into method dictionary as a method
> and then try to invoke that method, my VM is crashing.
>
> testCrashWithSmallInt
> self class methodDict at: #answer10 put: 10.
> self should: [self answer10] raise: MessageNotUnderstood.
> self class basicRemoveSelector: #answer10.

Good bug! I confirmed that the test crashes a 32-bit unix VM on Linux.
Interestingly, it does *not* crash a 64-bit VM on the same platform.
The self answer10 part of the test passes with the expected exception,
although the test fails on the #basicRemoveSelector: with a DNU on
SmallInteger>>flushCache. Most likely that just means that there
is more than one bug involved.

Dave


Re: 'Run object as method' is flawed in VM

Michael van der Gulik-2
In reply to this post by Igor Stasenko

On Wed, Dec 9, 2009 at 6:39 PM, Igor Stasenko <[hidden email]> wrote:
>
> I tried to play with this feature and found that if I install a
> smallinteger into method dictionary as a method
> and then try to invoke that method, my VM is crashing.
>
> testCrashWithSmallInt
>        self class methodDict at: #answer10 put: 10.
>        self should: [self answer10] raise: MessageNotUnderstood.
>        self class basicRemoveSelector: #answer10.

Is this a feature that I don't know about? What is the expected behaviour?

I'd expect the VM to crash or fail if it tries to execute an object
rather than bytecodes.

Gulik.


--
http://gulik.pbwiki.com/

Re: 'Run object as method' is flawed in VM

Andreas.Raab
 
Michael van der Gulik wrote:
> Is this a feature that I don't know about? What is the expected behaviour?
>
> I'd expect the VM to crash or fail if it tries to execute an object
> rather than bytecodes.

The original announcement was here:

http://lists.squeakfoundation.org/pipermail/squeak-dev/2003-May/058414.html

Cheers,
   - Andreas

Re: 'Run object as method' is flawed in VM

Igor Stasenko
In reply to this post by Michael van der Gulik-2

2009/12/9 Michael van der Gulik <[hidden email]>:

>
> On Wed, Dec 9, 2009 at 6:39 PM, Igor Stasenko <[hidden email]> wrote:
>>
>> I tried to play with this feature and found that if I install a
>> smallinteger into method dictionary as a method
>> and then try to invoke that method, my VM is crashing.
>>
>> testCrashWithSmallInt
>>        self class methodDict at: #answer10 put: 10.
>>        self should: [self answer10] raise: MessageNotUnderstood.
>>        self class basicRemoveSelector: #answer10.
>
> Is this a feature that I don't know about? What is the expected behaviour?
>
> I'd expect the VM to crash or fail if it tries to execute an object
> rather than bytecodes.
>

This is a very useful feature in the sense that it fills the gaps in VM
security and, in fact, in a useful manner.
A method dictionary can be invalid, can be missing AND can contain
arbitrary objects as methods.
The VM should not crash under any of those circumstances.

> Gulik.
>
>
> --
> http://gulik.pbwiki.com/
>



--
Best regards,
Igor Stasenko AKA sig.
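
Added example, not part of the original thread and not Squeak VM source: a simplified C model of tagged object pointers showing why a method-dictionary entry needs its tag checked before it is dereferenced. It assumes the 32-bit Squeak SmallInteger encoding (value << 1) | 1, under which 10 becomes 0x15, the same value as the faulting read address in the crash dump in the first post; the header layout, format constants and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a tagged object pointer ("oop"). */
typedef uintptr_t oop;

/* Assumed encoding: SmallInteger oop = (value << 1) | 1 (low bit is the tag). */
static oop small_int_oop(intptr_t v) { return ((uintptr_t)v << 1) | 1u; }
static int is_small_int(oop o)       { return (int)(o & 1u); }

/* Hypothetical heap object header; the constants are constructed for this example. */
enum format { FMT_POINTERS = 1, FMT_COMPILED_METHOD = 2 };
struct header { unsigned format; };

/* What the interpreter should do with the value found in the method dictionary. */
enum dispatch {
    ACTIVATE_BYTECODES, /* entry is a compiled method: run it */
    SEND_TO_OBJECT      /* entry is any other object: hand it back to the image */
};

/* Checked classification: test the tag bit before touching memory.
   Without the first branch, a SmallInteger entry would be read as if
   it were the address of a header (0x15 for the integer 10). */
static enum dispatch classify_method_entry(oop entry) {
    if (is_small_int(entry))
        return SEND_TO_OBJECT;  /* immediate value, nothing to dereference */
    const struct header *h = (const struct header *)entry;
    return h->format == FMT_COMPILED_METHOD ? ACTIVATE_BYTECODES
                                            : SEND_TO_OBJECT;
}

int main(void) {
    struct header method = { FMT_COMPILED_METHOD }; /* constructed sample objects */
    struct header plain  = { FMT_POINTERS };
    oop ten = small_int_oop(10);

    printf("tagged 10      = 0x%08lx\n", (unsigned long)ten);
    printf("SmallInteger   -> %d\n", classify_method_entry(ten));
    printf("plain object   -> %d\n", classify_method_entry((oop)&plain));
    printf("compiled method-> %d\n", classify_method_entry((oop)&method));
    return 0;
}
```

In this model the SmallInteger case takes the same path as any other non-method object, so the image can raise the MessageNotUnderstood that the test in the first post expects.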