Tcl Source Code

Ticket UUID: 5ee01098824881b5500e4692bcfa74eb853bc795
Title: lseq list conversion results in attempt to access freed memory
Type: Bug
Version:
Submitter: pooryorick
Created on: 2023-05-17 11:50:56
Subsystem: - New Builtin Commands
Assigned To: pooryorick
Priority: 5 Medium
Severity: Important
Status: Closed
Last Modified: 2023-05-23 15:49:53
Resolution: Fixed
Closed By: pooryorick
Closed on: 2023-05-23 15:49:53
Description:

In a build of trunk with --enable-symbols and CFLAGS="-DPURIFY", the following script

trace add variable one write [list ::apply [list args {
	error {this error}
} [namespace current]]]
set one [lindex [lreplace [lseq 1 2] 1 1 hello] 0]

results in the following error:

malloc(): unaligned fastbin chunk detected 3

The reason is that lreplace converts the internal representation from tclArithSeriesType to tclListType, and SetListFromAny() handles the arithmetic series specially, forgetting to increment the reference count when each Tcl_Obj is added to the list. See this loop.

User Comments: pooryorick added on 2023-05-17 12:12:43:

Fixed in [e45cee0c53].
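
The ownership mistake described in this ticket, reduced to a toy model as an added example; this is not Tcl's code and not the fix in the referenced check-in. The Obj and List types, all function names, and the exact take/drop sequence of the caller are assumptions made for illustration, and "freeing" only sets a flag so the stale pointer can be checked safely.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy refcounted value (constructed for illustration; not Tcl's Tcl_Obj). */
typedef struct Obj { int refCount; int freed; } Obj;

static void incr_ref(Obj *o) { o->refCount++; }
/* "Free" is modelled as a flag so the dangling pointer can be inspected. */
static void decr_ref(Obj *o) { if (--o->refCount <= 0) o->freed = 1; }

typedef struct List { Obj *elems[4]; size_t n; } List;

/* Buggy conversion: stores the pointer but takes no reference of its own. */
static void list_append_buggy(List *l, Obj *o) { l->elems[l->n++] = o; }

/* Fixed conversion: the list owns one reference per stored element. */
static void list_append_fixed(List *l, Obj *o) {
    incr_ref(o);
    l->elems[l->n++] = o;
}

/* Assumed sequence: an element is created during conversion, a caller
 * fetches it, takes a reference, then drops it on an error path.
 * Returns 1 if the list is left pointing at a freed element. */
static int list_dangles_after_release(void (*append)(List *, Obj *)) {
    Obj elem = {0, 0};         /* fresh value starts with refcount 0 */
    List l = { {NULL}, 0 };
    append(&l, &elem);         /* conversion stores the element */
    Obj *got = l.elems[0];     /* caller fetches element 0 */
    incr_ref(got);             /* caller takes its reference */
    decr_ref(got);             /* caller releases it again */
    return l.elems[0]->freed;  /* does the list still hold a live object? */
}

int main(void) {
    printf("buggy append leaves dangling element: %d\n",
           list_dangles_after_release(list_append_buggy));
    printf("fixed append leaves dangling element: %d\n",
           list_dangles_after_release(list_append_fixed));
    return 0;
}
```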