Tcl Source Code

Ticket Change Details

Artifact ID: ec67d8ac8a1154a88c1b90809b50453b890943f0a54495b18c72f6344696ee6a
Ticket: cc1e91552c0ca1817292d951f8c694b28c2b2251
Regression in list expansion
User & Date: sebres 2019-01-11 12:07:02

  1. Change icomment to:

    Well, actually I doubt that the problem of Fran├žois would be caused directly by this fix (possibly just an after-effect), because if I'm not wrong it can crash in two cases:

    1. in call of ListObjIsCanonical, but it is a nonsense, because either valuePtr is inaccessible and don't think so, because TclListObjGetElements above by retrieving of list length (objc), or by check of the canonical flag (canonicalFlag) of list and it would be even weird, even because TclListObjGetElements always convert valuePtr to the list (tclListType) with proper list representation.

    2. within goto, but it is also hard to imagine (below INST_LIST_RANGE_IMM does this also for several cases (e. g. if indices are out of range).

    So my assumption there are the possible after-effects like:

    - Ref-Counting issues, for example now it returns new object (refCount=0), where previously refCount was >=1. In this case the Tk miss the refCount increment somewhere.

    - Type-safety like conversion to another type in the in-between operations (hard to imagine, now as well as previously it is/was always a list in this case).

    - Another UB.

    Anyway, I'll try to find the reason.

    @Fran├žois, is there any test-case I could use to reproduce the crash? Can you possibly provide a call-stack by the segfault.

  2. Change login to "sebres"
  3. Change mimetype to "text/x-fossil-wiki"