Description
register_dynamic_module(path, mod_name, on_error, Context*, LineInfoArg*) in src/builtin/module_builtin_fio.cpp:1097 accepts a Quiet mode (on_error=0) for callers that don't have a Context, but only one of three error branches actually checks the flag. The other two unconditionally call context->to_err(...), which segfaults when context==nullptr.
| Branch |
Condition |
Quiet respected? |
| :1109-1117 |
dlopen failed |
✅ yes (guarded by RegisterOnError::Quiet) |
| :1122-1130 |
registrator symbol __getModule_<X> missing |
❌ unconditional context->to_err |
| :1134-1140 |
DAS_BUILD_ID mismatch |
❌ unconditional context->to_err |
Reproducer
Either the existing jit_register_dynamic_module(path, mod_name) (module_jit.cpp:1042) or the new jit_register_dynamic_module_resolve (PR #2579) calls register_dynamic_module with nullptr for both Context* and LineInfoArg* and on_error=0/*Quiet*/. A standalone exe whose .shared_module artifact is corrupt (missing registrator symbol) or built against a different DAS_BUILD_ID will hit one of the unguarded branches and segfault during startup, instead of returning nullptr cleanly.
Suggested fix
Guard both unconditional context->to_err(...) sites with the same RegisterOnError::Quiet check that the dlopen branch already uses, e.g.:
if (static_cast<RegisterOnError>(on_error) != RegisterOnError::Quiet) {
context->to_err(at, err_msg.c_str());
}Optionally also guard context==nullptr defensively before any context->to_err call so non-Quiet callers can't crash either.
Context
Surfaced by Copilot review on PR #2579 (discussion_r3189589151). Pre-existing latent bug, not introduced by that PR; deferred to a follow-up so the resolution-tier fix stays scoped.
Description
register_dynamic_module(path, mod_name, on_error, Context*, LineInfoArg*)in src/builtin/module_builtin_fio.cpp:1097 accepts aQuietmode (on_error=0) for callers that don't have a Context, but only one of three error branches actually checks the flag. The other two unconditionally callcontext->to_err(...), which segfaults whencontext==nullptr.RegisterOnError::Quiet)__getModule_<X>missingcontext->to_errcontext->to_errReproducer
Either the existing
jit_register_dynamic_module(path, mod_name)(module_jit.cpp:1042) or the newjit_register_dynamic_module_resolve(PR #2579) callsregister_dynamic_modulewithnullptrfor bothContext*andLineInfoArg*andon_error=0/*Quiet*/. A standalone exe whose.shared_moduleartifact is corrupt (missing registrator symbol) or built against a differentDAS_BUILD_IDwill hit one of the unguarded branches and segfault during startup, instead of returningnullptrcleanly.Suggested fix
Guard both unconditional
context->to_err(...)sites with the sameRegisterOnError::Quietcheck that the dlopen branch already uses, e.g.:Optionally also guard
context==nullptrdefensively before anycontext->to_errcall so non-Quiet callers can't crash either.Context
Surfaced by Copilot review on PR #2579 (discussion_r3189589151). Pre-existing latent bug, not introduced by that PR; deferred to a follow-up so the resolution-tier fix stays scoped.