Tcl Source Code

View Ticket
Login
Core Home Timeline Branches Tags Tickets Download Wiki
Attach Edit New Ticket Plaintext
Ticket UUID: 45b9faf103f2fd0f7c4a69606b358bb68dbd2596
Title: [try] interaction with local variable names produces segmentation fault
Type: Bug Version: core-8-branch
Submitter: pooryorick Created on: 2019-04-08 09:38:22
Subsystem: 18. Commands M-Z Assigned To: pooryorick
Priority: 5 Medium Severity: Important
Status: Closed Last Modified: 2019-04-08 15:37:16
Resolution: Fixed Closed By: sebres
    Closed on: 2019-04-08 15:37:16
Description:

The following script produces a segmentation fault: 

proc main {} {
    eval {
        try {
            lindex 5
        } on ok res {} 
    }
    puts $res
}
main

The issue is:

tclCmdMZ.c:TryPostBody extracts a variable name from a Tcl_Obj, causing a list internal representation to be created on that Tcl_Obj, and the original value of that Tcl_Obj to become the first item in the list, with a refCount of 1.
On the next line, Tcl_ObjSetVar2 is called, and TclObjLookupVarEx subsequently obtains that same Tcl_Obj from the cache of local variable names and frees that same list internal representation.
At this point, part1Ptr is a reference to that freed Tcl_Obj.

User Comments: sebres added on 2019-04-08 15:37:16:

closed in [e62a48e964]

pooryorick added on 2019-04-08 13:04:05:

Fixed in [4100488a3ca38abf].

sebres added on 2019-04-08 09:59:09:

See also related ticket [578155d5a1].

I'm for solution with TCL_OWN_OBJREF flag, which is a year ago merged in my own branches and it works there without any issue.

This page was generated in about 0.008s by Fossil 2.26 [dfc0f1b41f] 2025-03-13 10:34:34