Tcl Source Code

Ticket Change Details

Artifact ID: b39e14ba53d51672a6b8eb0391b99f3826f74106
Ticket: 578155d5a19b348dc1a9fe96cc2c067a59326a89
Very rare bug (segfault) if set variable (with error case) using self-releasable object as new value
User & Date: sebres 2017-07-17 16:59:39
Changes

  1. Change icomment to:

    Well, this seems to have repercussions - today I would check my idea with the new flag TCL_OWN_OBJREF and have verified at which places everywhere in Tcl (and some modules like thread, etc.) it may be needed. Thereby I found many places where it's currently wrong (e.g. usage of a released object, wrong free or even leaks).
    Too many to list all this here...
    Just as an example, see Tcl_ObjSetVar2(..., matchVarObj, NULL, emptyObj, ...) that will use the already released object emptyObj if, 10 lines above, the same object emptyObj is released in a trace by Tcl_ObjSetVar2(..., indexVarObj, NULL, emptyObj, ...). Note that in current versions this does not have Tcl_DecrRefCount(emptyObj) in error cases (since the auto-release in [510663a99e3a096bb7bab7314eb59fc805335318]), but it does not matter because this can be released in a trace by set.

    I would like to fix all such errors (and similar) for the 8.5th, 8.6th and trunk branches (together with introducing the already suggested new flag TCL_OWN_OBJREF or using some other solution like a new internal function TclObjOwnAndSetVar), but firstly I would like to know what the TCT thinks about it (new flag?, new function?, something else?). But IMHO the (very-very controversial) auto-release made in [510663a99e3a096bb7bab7314eb59fc805335318] is not really a solution and should be rewritten.

    Please note also that this behavior is undocumented, so many people still do:

    Tcl_Obj *newObj = SomethingReturnsNewObjOfTypeX(...);
    if (Tcl_ObjSetVar2(..., varObj, NULL, newObj, ...) == NULL) {
      Tcl_DecrRefCount(newObj);
      return TCL_ERROR;
    }
    
    Which is currently wrong (because since [510663a99e3a096bb7bab7314eb59fc805335318] it is decreased twice, and can cause a segfault).
  2. Change login to "sebres"
  3. Change mimetype to "text/x-fossil-wiki"
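
The ownership hazard described in the comment above, as an added example that is not part of the ticket or of Tcl's source: a toy reference-count model in C comparing the quoted caller pattern with a caller that holds its own reference across the call. All names (`Obj`, `set_var`, `naive_set`, `owning_set`) are hypothetical, and the setter's auto-release on error is modelled only as the comment describes it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy reference-count model; hypothetical names, not Tcl's implementation. */
typedef struct Obj {
    int refCount;  /* current owners; a fresh object starts at 0 */
    int releases;  /* times the object was "freed"; above 1 is a double free */
} Obj;

static Obj *obj_new(void) {
    Obj *o = calloc(1, sizeof *o);
    if (!o) abort();
    return o;
}
static void obj_incr(Obj *o) { o->refCount++; }
/* Real code would free() here; the model counts so the bug is observable. */
static void obj_decr(Obj *o) { if (--o->refCount <= 0) o->releases++; }

/* Setter as the comment describes it: on error, a value nobody owns is
 * released by the setter itself. Returns 1 on success, 0 on error. */
static int set_var(Obj *value, int fail) {
    if (fail) {
        if (value->refCount <= 0) value->releases++;  /* auto-release */
        return 0;
    }
    obj_incr(value);  /* the variable now holds a reference */
    return 1;
}

/* Caller pattern quoted in the comment: release again on error. */
static int naive_set(int fail) {
    Obj *o = obj_new();
    if (!set_var(o, fail)) obj_decr(o);
    int n = o->releases;
    free(o);
    return n;
}

/* Caller owns a reference across the call and drops it once on every path. */
static int owning_set(int fail) {
    Obj *o = obj_new();
    obj_incr(o);
    set_var(o, fail);
    obj_decr(o);
    int n = o->releases;
    free(o);
    return n;
}

int main(void) {
    printf("naive, error path:  %d release(s)\n", naive_set(1));
    printf("owning, error path: %d release(s)\n", owning_set(1));
    return 0;
}
```

In this model the naive caller releases the object twice on the error path, while the owning caller releases it exactly once on error and leaves it alive in the variable on success.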