Ticket UUID: ec06d0db3225afca55f23472b63feede43317ac3
Title: Tcl_AppendObjToObj and Tcl_GetUnicode lead to Valgrind "Invalid read of size".
Type: Bug
Version:
Submitter: pooryorick
Created on: 2021-04-20 10:25:13
Subsystem: 44. UTF-8 Strings
Assigned To: jan.nijtmans
Priority: 5 Medium
Severity: Minor
Status: Closed
Last Modified: 2021-04-20 13:48:15
Resolution: Fixed
Closed By: pooryorick
Closed on: 2021-04-20 13:48:15

Description:
In core-8-branch, commit [a3599d9b2596c181], a build with <code>--enable-symbols CFLAGS=-DPURIFY</code>, <code>make TESTFLAGS='-verbose t -file append.test -match "append-3.3 append-3.4"' valgrind</code> produces the following errors:

<code><verbatim>
==1870667== Invalid read of size 4
==1870667==    at 0x4A01D9D: Tcl_AppendObjToObj (tclStringObj.c:1439)
==1870667==    by 0x4A21BB1: StringAppendInVar (tclVar.c:1959)
==1870667==    by 0x4A21E78: TclPtrSetVarIdx (tclVar.c:2086)
==1870667==    by 0x497E59A: TEBCresume (tclExecute.c:3412)
==1870667==    by 0x489921A: TclNRRunCallbacks (tclBasic.c:4857)
==1870667==    by 0x4898ADC: Tcl_EvalObjv (tclBasic.c:4576)
==1870667==    by 0x489B1AF: TclEvalEx (tclBasic.c:5728)
==1870667==    by 0x49C5F82: Tcl_FSEvalFileEx (tclIOUtil.c:1782)
==1870667==    by 0x49D4A97: Tcl_MainEx (tclMain.c:399)
==1870667==    by 0x10A3B4: main (tclAppInit.c:91)
==1870667==  Address 0x62c856c is 12 bytes inside a block of size 18 free'd
==1870667==    at 0x4840D7B: realloc (vg_replace_malloc.c:834)
==1870667==    by 0x488C4A2: TclpRealloc (tclAlloc.c:747)
==1870667==    by 0x48A8AE2: Tcl_Realloc (tclCkalloc.c:1130)
==1870667==    by 0x4A00714: GrowUnicodeBuffer (tclStringObj.c:224)
==1870667==    by 0x4A07BEA: ExtendUnicodeRepWithString (tclStringObj.c:4156)
==1870667==    by 0x4A07AE6: FillUnicodeRep (tclStringObj.c:4131)
==1870667==    by 0x4A00DB0: Tcl_GetUnicodeFromObj (tclStringObj.c:657)
==1870667==    by 0x4A00D6A: Tcl_GetUnicode (tclStringObj.c:620)
==1870667==    by 0x4A01D98: Tcl_AppendObjToObj (tclStringObj.c:1432)
==1870667==    by 0x4A21BB1: StringAppendInVar (tclVar.c:1959)
==1870667==    by 0x4A21E78: TclPtrSetVarIdx (tclVar.c:2086)
==1870667==    by 0x497E59A: TEBCresume (tclExecute.c:3412)
==1870667==    by 0x489921A: TclNRRunCallbacks (tclBasic.c:4857)
==1870667==    by 0x4898ADC: Tcl_EvalObjv (tclBasic.c:4576)
==1870667==    by 0x489B1AF: TclEvalEx (tclBasic.c:5728)
==1870667==    by 0x49C5F82: Tcl_FSEvalFileEx (tclIOUtil.c:1782)
==1870667==    by 0x49D4A97: Tcl_MainEx (tclMain.c:399)
==1870667==    by 0x10A3B4: main (tclAppInit.c:91)
==1870667==  Block was alloc'd at
==1870667==    at 0x483E77F: malloc (vg_replace_malloc.c:307)
==1870667==    by 0x488C464: TclpAlloc (tclAlloc.c:699)
==1870667==    by 0x48A89FE: Tcl_Alloc (tclCkalloc.c:1054)
==1870667==    by 0x4A07EC5: SetStringFromAny (tclStringObj.c:4284)
==1870667==    by 0x4A01C8B: Tcl_AppendObjToObj (tclStringObj.c:1425)
==1870667==    by 0x4A21BB1: StringAppendInVar (tclVar.c:1959)
==1870667==    by 0x4A21E78: TclPtrSetVarIdx (tclVar.c:2086)
==1870667==    by 0x497E59A: TEBCresume (tclExecute.c:3412)
==1870667==    by 0x489921A: TclNRRunCallbacks (tclBasic.c:4857)
==1870667==    by 0x4898ADC: Tcl_EvalObjv (tclBasic.c:4576)
==1870667==    by 0x489B1AF: TclEvalEx (tclBasic.c:5728)
==1870667==    by 0x49C5F82: Tcl_FSEvalFileEx (tclIOUtil.c:1782)
==1870667==    by 0x49D4A97: Tcl_MainEx (tclMain.c:399)
==1870667==    by 0x10A3B4: main (tclAppInit.c:91)
</verbatim></code>
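The three stacks above tell one story within a single Tcl_AppendObjToObj call: the block was allocated at tclStringObj.c:1425 (SetStringFromAny), then freed by realloc inside GrowUnicodeBuffer, reached through Tcl_GetUnicode at tclStringObj.c:1432, and then read through at tclStringObj.c:1439. That is the signature of a pointer into a growable buffer being taken before a call that can grow (and move) the buffer, which is only reachable when the source and destination reps share storage, as in a self-append. The C program below is an added illustration of that bug class and of the ordering that avoids it; it is not Tcl's code and uses its own simplified UniObj type, grow_unicode_buffer, append_obj_to_obj and append_stale_pointer_check (all assumed names). The "self-append" reading of the trace is this editor's interpretation, not a statement from the ticket.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a Tcl_Obj Unicode rep (an assumption of this
 * example, not Tcl's real struct): a growable array of 16-bit code units. */
typedef struct {
    uint16_t *units;     /* heap block; a growth can move it */
    size_t numChars;
    size_t allocated;
} UniObj;

/* Ensure room for `needed` units. Like GrowUnicodeBuffer in the trace, this
 * frees the old block, so any pointer taken into units before the call is
 * stale afterwards. Allocate-copy-free is used instead of realloc so the
 * block always moves and the hazard is deterministic. */
static int grow_unicode_buffer(UniObj *o, size_t needed) {
    if (needed <= o->allocated) return 0;
    size_t newCap = o->allocated ? o->allocated : 4;
    while (newCap < needed) newCap *= 2;
    uint16_t *p = malloc(newCap * sizeof *p);
    if (!p) return -1;
    if (o->units) {
        memcpy(p, o->units, o->numChars * sizeof *p);
        free(o->units);
    }
    o->units = p;
    o->allocated = newCap;
    return 0;
}

/* Buggy ordering from the ticket: grab a pointer into the source rep, then
 * call something that may grow the destination. When dst == src (self-append)
 * the growth frees the block the saved pointer refers to. Rather than read
 * through freed memory, this returns 1 when the saved pointer went stale,
 * which is the condition Valgrind reported as "Invalid read". */
static int append_stale_pointer_check(UniObj *dst, const UniObj *src) {
    uintptr_t saved = (uintptr_t)src->units;   /* pointer taken too early */
    size_t n = src->numChars;
    if (grow_unicode_buffer(dst, dst->numChars + n) != 0) return -1;
    return saved != (uintptr_t)src->units;      /* 1 = stale */
}

/* Fixed ordering: grow first, then fetch the source pointer. With dst == src
 * the pointer now refers to the live block, and the copy reads the first n
 * units of the same buffer into the new tail (the regions do not overlap). */
static int append_obj_to_obj(UniObj *dst, const UniObj *src) {
    size_t n = src->numChars;                   /* snapshot before growing */
    if (grow_unicode_buffer(dst, dst->numChars + n) != 0) return -1;
    const uint16_t *srcUnits = src->units;      /* fetched after any move */
    memcpy(dst->units + dst->numChars, srcUnits, n * sizeof *srcUnits);
    dst->numChars += n;
    return 0;
}

/* Build an object from ASCII, one code unit per byte (constructed input). */
static UniObj uniobj_from_ascii(const char *s) {
    UniObj o = {NULL, 0, 0};
    size_t n = strlen(s);
    if (grow_unicode_buffer(&o, n) == 0) {
        for (size_t i = 0; i < n; i++) o.units[i] = (uint16_t)(unsigned char)s[i];
        o.numChars = n;
    }
    return o;
}

/* 1 if the object's code units spell the ASCII string s. */
static int uniobj_equals_ascii(const UniObj *o, const char *s) {
    size_t n = strlen(s);
    if (o->numChars != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (o->units[i] != (uint16_t)(unsigned char)s[i]) return 0;
    return 1;
}

/* Self-append of a 9-unit string (18 bytes, the block size in the trace)
 * with the buggy ordering: returns 1 because the early pointer went stale. */
int stale_pointer_demo(void) {
    UniObj x = uniobj_from_ascii("abcdefghi");
    int stale = append_stale_pointer_check(&x, &x);
    free(x.units);
    return stale;
}

/* The same self-append with the fixed ordering: returns 1 if the result is
 * the string doubled, i.e. the copy read live memory. */
int safe_self_append_demo(void) {
    UniObj x = uniobj_from_ascii("abcdefghi");
    int ok = append_obj_to_obj(&x, &x) == 0
          && uniobj_equals_ascii(&x, "abcdefghiabcdefghi");
    free(x.units);
    return ok;
}

int main(void) {
    printf("buggy ordering: stale pointer = %d\n", stale_pointer_demo());
    printf("fixed ordering: correct result = %d\n", safe_self_append_demo());
    return 0;
}
```

The defensive rule the fixed version follows is the one a reviewer would check for in any append-style routine: every call that can reallocate the destination must happen before pointers into a rep that may alias it are taken (or the source length and contents must be snapshotted first). Running the buggy ordering under Valgrind with a real dereference is what produced the "Invalid read of size 4 ... inside a block of size 18 free'd" report in the ticket.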
User Comments:

pooryorick added on 2021-04-20 13:48:15:
More fixes in [ec5b3d21f9b29ee9] for related issues reported by Valgrind.

pooryorick added on 2021-04-20 11:34:45:
Fixed in [c7100a073ba1e0b8].

jan.nijtmans added on 2021-04-20 11:24:00:
So, the cause was a regression in the fix for [7f1162a867]. Congratulations! You found it and fixed it. Well done!