Ticket UUID: 1191369
Title: Tcl_LinkVar memory corruption causing crashes
Type: Bug
Version: obsolete: 8.4.9
Submitter: nobody
Created on: 2005-04-27 22:54:59
Subsystem: 07. Variables
Assigned To: msofer
Priority: 9 Immediate
Severity:
Status: Closed
Last Modified: 2005-10-22 22:27:36
Resolution: Duplicate
Closed By: msofer
Closed on: 2005-10-22 15:27:36
Description:

Copied email exchanges with Jeff.

Hi Eric,

Yes, I was able to repro it with a mem_debug build. I also found that it is related to TCL_LINK_READ_ONLY - if you remove that, the error does not occur. You should file this at http://tcl.sourceforge.net/ where it can be tracked through to fix.

Regards,
Jeff Hobbs, The Tcl Guy
http://www.ActiveState.com/, a division of Sophos

-----Original Message-----
From: Tse, Eric [mailto:[email protected]]
Sent: April 26, 2005 3:23 PM
To: [email protected]
Subject: RE: Tcl_LinkVar reproduced

Hi Jeff,

Can you reproduce it?

Thanks,
Eric

--------------------------------------------------------------------------------
From: Tse, Eric
Sent: Tuesday, April 26, 2005 11:31 AM
To: '[email protected]'
Subject: Tcl_LinkVar reproduced

Hi Jeff,

Here is the diff from 8.4.9:

*** tclTest.c Tue Apr 26 11:11:02 2005 --- tclTest.c~ Mon Aug 30 12:58:48 2004 *************** *** 2482,2490 **** *---------------------------------------------------------------------- */ - static int eric1 = 0; - static int eric2 = 0; - /* ARGSUSED */ static int TestlinkCmd(dummy, interp, argc, argv) --- 2482,2487 ---- *************** *** 2502,2510 **** char buffer[2*TCL_DOUBLE_SPACE]; int writable, flag; Tcl_Obj *tmp; - - Tcl_LinkVar(interp, "eric_var", (char *) &eric1, TCL_LINK_INT | TCL_LINK_READ_ONLY); - Tcl_LinkVar(interp, "eric_var", (char *) &eric2, TCL_LINK_INT | TCL_LINK_READ_ONLY); if (argc < 2) { Tcl_AppendResult(interp, "wrong # args: should be \"", argv[0], --- 2499,2504 ----

Steps to reproduce:
- gmake tcltest
- tcltest
- type testlink on the prompt

etse.cad889 [~/tmp/tcl8.4.9/unix]% tcltest
% testlink
file = ../generic/tclLink.c, line = 119
Trying to decrement refCount of previously disposed object.
Abort

Thanks,
Eric
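Review bot: the file headers and the first hunk (*** 2482,2490 ****) run in the reverse direction: the modified tclTest.c (Apr 26 2005) is on the *** side and the backup tclTest.c~ (Aug 30 2004) is on the --- side, so the two static int declarations eric1 and eric2 appear as "-" lines. As posted, the diff does not apply forward to an unmodified 8.4.9 tclTest.c. Regenerate it with the backup file as the first argument, or state that it must be applied reversed, so the reproduction can be rebuilt from the ticket alone.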
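Review bot: in the second hunk (*** 2502,2510 ****) both Tcl_LinkVar calls discard their return value and sit ahead of the argc check, so they run on every testlink invocation and nothing records whether either link succeeded. Both calls link the same name "eric_var" to different addresses (&eric1, then &eric2) with TCL_LINK_READ_ONLY; compare each result against TCL_OK and report it, and add a comment saying the duplicate link is intentional, so it is clear which call leads to the abort reported at tclLink.c line 119.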
User Comments:

msofer added on 2005-10-22 22:27:35:
Logged In: YES user_id=148712

The problem is that Tcl_LinkVar tries to set the variable to an obj with refCount 0. If that fails due to a trace (in the example, because the variable was read only), the obj's refcount is decremented by the SetVar code before returning, and the obj is freed. Therefore, the code in Tcl_LinkVar should not decrRefCount again. This is a special case of [Bug 1334947], which supersedes it.

msofer added on 2005-10-22 10:14:42:
Logged In: YES user_id=148712

This flew under my radar - upping prio to check for presence in 8.4 and HEAD.
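The ownership rule described in the comment above, as an added example that is not part of the ticket or of Tcl's source: a toy reference-count model in C in which `Obj`, `set_var`, `link_buggy` and `link_owned` are hypothetical names, and a static pool replaces the heap so the stale decrement is counted instead of corrupting memory. `link_owned` shows one common way to avoid the double release (hold a reference across the call); it is an assumption for illustration, not the fix that was committed.

```c
#include <stdio.h>
/* Toy model, hypothetical names (not Tcl's source). Objects live in a static
 * pool so a stale pointer is safe to inspect; "disposed" stands in for free(). */
typedef struct { int refCount; int disposed; } Obj;
static Obj pool[8];
static int used, stale_decrements;
static Obj *new_obj(void) {              /* new objects start at refCount 0 */
    Obj *o = &pool[used++ % 8];
    o->refCount = o->disposed = 0;
    return o;
}
static void incr_ref(Obj *o) { o->refCount++; }
static void decr_ref(Obj *o) {
    if (o->disposed) { stale_decrements++; return; } /* the mem_debug abort */
    if (--o->refCount <= 0) o->disposed = 1;
}

/* Stand-in for the SetVar path: on success the variable keeps a reference;
 * when a read-only trace rejects the write, an unowned value is released. */
static int set_var(Obj *value, int read_only) {
    if (read_only) {
        if (value->refCount <= 0) decr_ref(value);
        return -1;
    }
    incr_ref(value);
    return 0;
}

/* Pattern from the ticket: the caller releases again after a failed set. */
static int link_buggy(int read_only) {
    Obj *o = new_obj();
    if (set_var(o, read_only) != 0) { decr_ref(o); return -1; }
    return 0;
}

/* One common alternative: hold a reference across the call, release once. */
static int link_owned(int read_only) {
    Obj *o = new_obj();
    incr_ref(o);
    int rc = set_var(o, read_only);
    decr_ref(o);
    return rc;
}
int main(void) {
    link_owned(1); link_buggy(1);
    printf("stale decrements after owned+buggy: %d\n", stale_decrements);
    return 0;
}
```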
