    Flash Player 9.0R16 Bug in ActionScript-VM


      The ActionScript VM seems to have a bug that causes the host application to terminate with a general protection fault. To test it, you can go to http://www.seafight.com/, log in with user debug1 and password test123, and click on "to the sea chart". This bug only happens occasionally; depending on the computer (performance? other applications installed? memory?) it takes between 1 minute and 30 minutes until the player crashes. The only special things that Flash does are using XMLSocket and Sound.play.

      Tested with flash9.ocx (maybe German locale), version 9.0R16.
      Crash at address 0x30089094:

      .text:30089089 85 C0 test eax, eax
      .text:3008908B 89 45 E0 mov [ebp+var_20], eax
      .text:3008908E 0F 8D B5 02 00 00 jge loc_0_30089349
      .text:30089094 8B 46 54 mov eax, [esi+54h]

      At the last instruction, esi occasionally has a value of 0x80, resulting in an access at address 0xD4, which is of course not valid.

      As far as I can see/guess, these instructions are part of the ActionScript bytecode interpreter; at least that part is executed several hundred times a second, which makes conditional breakpoints unusable :(

      Maybe someone knows one of the Flash Player developers and can forward this report ;)

      For additional questions: m.moeller _at_ e-sport.com