https://gitlab.synchro.net/main/sbbs/-/commit/fab8b1f1d6b8939abbc8e3bf
Modified Files:
src/sbbs3/js_rtpool.cpp
Log Message:
js_rtpool: don't crash when JS_NewRuntime() fails (NULL runtime)
JS_NewRuntime() returns NULL on failure (e.g. under memory pressure), but jsrt_GetNew() pushed that NULL onto the runtime-pool list unchecked. The trigger_thread 100ms loop then walked the list and called JS_TriggerAllOperationCallbacks(NULL), dereferencing [NULL+0x164] -> access violation that takes down the whole in-process server.
Observed crashing sbbsctrl.exe (3.21.4.0, Win32, mozjs185 1.8.5) twice, identical WER bucket; minidump faulting frame:
mozjs185_1_0!JS_TriggerAllOperationCallbacks+0x5 (esi/JSRuntime* = NULL)
sbbs!thread_start<...> (== js_rtpool.cpp trigger_thread)
each preceded by web-log "out of memory" / "Failed to create new context" entries (memory pressure -> JS_NewRuntime returns NULL).
Fix: don't list a NULL runtime; skip a NULL node in trigger_thread
defensively; and no-op jsrt_Release(NULL) (JS_DestroyRuntime(NULL) would
crash the same way -- not currently reachable, but the same bug class).
Platform-agnostic (shared pool logic); surfaced on the 32-bit Windows build, which runs the JS heap dry first. Latent since 4173ce48d0 (2014).
GitLab #1152.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
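
The bug class described in the log message, as an added self-contained model (not the Synchronet code and not part of the commit): a pool that refuses to list a failed allocation, a list walk that skips a NULL entry, and a release that is a no-op on NULL. fake_rt, fake_new_runtime, pool_get_new, pool_trigger_all and pool_release are hypothetical stand-ins for JSRuntime, JS_NewRuntime(), jsrt_GetNew(), the trigger_thread loop and jsrt_Release().

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-ins for JSRuntime and the pool; not the project's types. */
typedef struct { int triggers; } fake_rt;
struct node { fake_rt *rt; struct node *next; };
static struct node *pool;      /* list walked by the trigger loop */
static int fail_alloc;         /* set to simulate memory pressure */

/* Models JS_NewRuntime(): returns NULL on (simulated) failure. */
static fake_rt *fake_new_runtime(void) { return fail_alloc ? NULL : calloc(1, sizeof(fake_rt)); }

/* Models jsrt_GetNew(): a failed creation is reported to the caller, never listed. */
fake_rt *pool_get_new(void) {
    fake_rt *rt = fake_new_runtime();
    if (rt == NULL) return NULL;
    struct node *n = malloc(sizeof *n);
    if (n == NULL) { free(rt); return NULL; }
    n->rt = rt; n->next = pool; pool = n;
    return rt;
}

/* Models one pass of the trigger loop; returns how many runtimes were touched. */
int pool_trigger_all(void) {
    int count = 0;
    for (struct node *n = pool; n != NULL; n = n->next) {
        if (n->rt == NULL) continue;           /* defensive skip of a NULL node */
        n->rt->triggers++;                     /* the kind of dereference that faults on NULL */
        count++;
    }
    return count;
}

/* Models jsrt_Release(): NULL is a no-op; returns 1 if a runtime was freed. */
int pool_release(fake_rt *rt) {
    if (rt == NULL) return 0;
    for (struct node **pp = &pool; *pp != NULL; pp = &(*pp)->next)
        if ((*pp)->rt == rt) { struct node *d = *pp; *pp = d->next; free(d); break; }
    free(rt);
    return 1;
}

int main(void) {
    fake_rt *a = pool_get_new();
    fail_alloc = 1;                            /* simulate memory pressure */
    fake_rt *b = pool_get_new();               /* fails, so nothing is listed */
    int hit = pool_trigger_all();
    printf("b=%p triggered=%d release(NULL)=%d\n", (void *)b, hit, pool_release(b));
    return pool_release(a) ? 0 : 1;
}
```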