| Ticket UUID: | 45b9faf103f2fd0f7c4a69606b358bb68dbd2596 | |||
| Title: | [try] interaction with local variable names produces segmentation fault | |||
| Type: | Bug | Version: | core-8-branch | |
| Submitter: | pooryorick | Created on: | 2019-04-08 09:38:22 | |
| Subsystem: | 18. Commands M-Z | Assigned To: | pooryorick | |
| Priority: | 5 Medium | Severity: | Important | |
| Status: | Closed | Last Modified: | 2019-04-08 15:37:16 | |
| Resolution: | Fixed | Closed By: | sebres | |
| Closed on: | 2019-04-08 15:37:16 | |||
| Description: |
(text/x-fossil-wiki)
The following script produces a segmentation fault:
<code><verbatim>
proc main {} {
eval {
try {
lindex 5
} on ok res {}
}
puts $res
}
main
</verbatim></code>
The issue is:
[https://core.tcl.tk/tcl/artifact?udc=1&ln=4814&name=7abc6eff76e59d6d|tclCmdMZ.c:TryPostBody]
extracts a variable name from a <code>Tcl_Obj</code>, causing a list
internal representation to be created on that <code>Tcl_Obj</code>, and the
original value of that <code>Tcl_Obj</code> to become the first item in the
list, with a <code>refCount</code> of 1.
On the next line, <code>Tcl_ObjSetVar2</code> is called, and
[https://core.tcl.tk/tcl/artifact?udc=1&ln=738&name=f5bfe8cd3b7e5fd8|TclObjLookupVarEx]
subsequently obtains that same <code>Tcl_Obj</code> from the cache of local
variable names and frees that same list internal representation.
At this point, <code>part1Ptr</code> is a reference to that freed
<code>Tcl_Obj</code>.
| |||
| User Comments: |
sebres added on 2019-04-08 15:37:16:
(text/x-fossil-wiki)
closed in [e62a48e964] pooryorick added on 2019-04-08 13:04:05: (text/x-fossil-wiki) Fixed in [4100488a3ca38abf]. sebres added on 2019-04-08 09:59:09: (text/x-fossil-wiki) See also related ticket [578155d5a1]. I'm for solution with TCL_OWN_OBJREF flag, which is a year ago merged in my own branches and it works there without any issue. | |||
Home
Timeline
Branches
Tags
Tickets
Download
Wiki