Tcl Source Code

2019-04-08
15:37 Closed ticket [45b9faf103]: try interaction with local variable names produces segmentation fault plus 5 other changes artifact: 5b99bc0cb3 user: sebres
15:35 merge bug-45b9faf103f2, fewer destructive TclObjLookupVarEx, closes [45b9faf103f2] check-in: 7723c52623 user: sebres tags: core-8-branch
15:03 closes [45b9faf103f2] (tclVar cached lookup): fixes segfaulting if variable released before set; par... Closed-Leaf check-in: e62a48e964 user: sebres tags: bug-45b9faf103f2
13:38 Improve test for last commit fixing [45b9faf103f2]. check-in: 55da18eb59 user: pooryorick tags: core-8-branch
13:04 Pending ticket [45b9faf103]: try interaction with local variable names produces segmentation fault plus 6 other changes artifact: 926dc37f5e user: pooryorick
13:01 Fix for [45b9faf103f2], [try] interaction with local variable names produces segmentation fault. check-in: 4100488a3c user: pooryorick tags: core-8-branch
09:59 Ticket [45b9faf103] try interaction with local variable names produces segmentation fault status still Open with 3 other changes artifact: c87e9ab2ef user: sebres
09:38 New ticket [45b9faf103]. artifact: 65500073f7 user: pooryorick

Ticket UUID: 45b9faf103f2fd0f7c4a69606b358bb68dbd2596
Title: [try] interaction with local variable names produces segmentation fault
Type: Bug
Version: core-8-branch
Submitter: pooryorick
Created on: 2019-04-08 09:38:22
Subsystem: 18. Commands M-Z
Assigned To: pooryorick
Priority: 5 Medium
Severity: Important
Status: Closed
Last Modified: 2019-04-08 15:37:16
Resolution: Fixed
Closed By: sebres
Closed on: 2019-04-08 15:37:16
Description:

The following script produces a segmentation fault:

proc main {} {
    eval {
        try {
            lindex 5
        } on ok res {} 
    }
    puts $res
}
main

The issue is:

tclCmdMZ.c:TryPostBody extracts a variable name from a Tcl_Obj, causing a list internal representation to be created on that Tcl_Obj, and the original value of that Tcl_Obj to become the first item in the list, with a refCount of 1.
On the next line, Tcl_ObjSetVar2 is called, and TclObjLookupVarEx subsequently obtains that same Tcl_Obj from the cache of local variable names and frees that same list internal representation.
At this point, part1Ptr is a reference to that freed Tcl_Obj.
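
The sequence described above, reduced to a toy model in C. This is an added example, not code from the ticket or from Tcl: Obj, list_first, lookup_shimmer and set_var are hypothetical stand-ins for Tcl_Obj, the list extraction in TryPostBody, the cached lookup in TclObjLookupVarEx and the caller of Tcl_ObjSetVar2. It counts frees instead of touching freed memory, and shows the defensive pattern of holding a reference across the call.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model (not Tcl's real structures): a ref-counted value whose
 * optional list representation owns one element object. */
typedef struct Obj {
    int refCount;
    char *bytes;
    struct Obj *listElem;          /* non-NULL while the list rep exists */
} Obj;
static int freed_count = 0;        /* objects released so far */

static Obj *obj_new(const char *s) {
    Obj *o = calloc(1, sizeof *o);
    o->bytes = malloc(strlen(s) + 1);
    strcpy(o->bytes, s);
    return o;                      /* refCount starts at 0 */
}
static void obj_incr(Obj *o) { o->refCount++; }
static void obj_decr(Obj *o) {
    if (--o->refCount > 0) return;
    if (o->listElem) obj_decr(o->listElem);
    free(o->bytes); free(o); freed_count++;
}
/* Extracting a name through a list call builds the list rep; its single
 * element (refCount 1) is owned only by that rep. */
static Obj *list_first(Obj *o) {
    if (!o->listElem) { o->listElem = obj_new(o->bytes); obj_incr(o->listElem); }
    return o->listElem;            /* borrowed pointer, no new reference */
}
/* A cached lookup that converts the same object to another type drops
 * the old list rep, releasing the element it owned. */
static void lookup_shimmer(Obj *cached) {
    if (cached->listElem) { obj_decr(cached->listElem); cached->listElem = NULL; }
}
/* Returns how many objects were freed while the caller still needed
 * `name`. hold=0 models the hazard; hold=1 is the defensive pattern. */
static int set_var(int hold) {
    Obj *literal = obj_new("res"); obj_incr(literal);
    Obj *name = list_first(literal);
    int before = freed_count;
    if (hold) obj_incr(name);      /* own a reference across the call */
    lookup_shimmer(literal);       /* same object reached via the cache */
    int freed_during = freed_count - before;   /* 1 means name dangles */
    if (hold) obj_decr(name);      /* released only after last use */
    obj_decr(literal);
    return freed_during;
}
int main(void) { printf("unguarded: %d, guarded: %d\n", set_var(0), set_var(1)); return 0; }
```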

User Comments:

sebres added on 2019-04-08 15:37:16:

closed in [e62a48e964]


pooryorick added on 2019-04-08 13:04:05:

Fixed in [4100488a3ca38abf].


sebres added on 2019-04-08 09:59:09:

See also related ticket [578155d5a1].

I'm for the solution with the TCL_OWN_OBJREF flag, which was merged into my own branches a year ago and works there without any issue.