Overview
| Artifact ID: | 9e53786782b3da4bc11166c0c190672f935cb9cf |
|---|---|
| Ticket: | c31f72813b3966d13deb165f957033d514acd99f
Tcl crashes when calculating the string representation of deep nested lists |
| User & Date: | JKU 2013-11-08 19:21:06 |
Changes
- assignee changed to: "dkf"
- comment changed to:
Tcl crashes with a SEGFAULT when calculating the string representation of a deeply nested list. Code to reproduce: <code><verbatim>set a a for {set i 0} {$i < 100000} {incr i} { set a [list $a] } puts $a</verbatim></code> If it does not crash, use a higher number. - icomment:
Relevant Tcler Chat: <verbatim><Johannes13> set a a; for {set i 0} {$i < 10000} {incr i} {set a [list $a]}; set a <suchenwi> Should be idempotent, on 1-word lists without spaces: <suchenwi> (Videos) 1 % set a a <suchenwi> a <suchenwi> (Videos) 2 % set a [list $a] <suchenwi> a <suchenwi> (Videos) 3 % set a [list $a] <suchenwi> a <Johannes13> suchenwi: on my machine Tcl crashes. <suchenwi> johannes13: let me try here... <suchenwi> suchenwi@suchenwi-NC10:~$ tclsh <suchenwi> % set a a;for {set i 0} {$i<10000} {incr i} {set a [list $a]}; set a <suchenwi> a <suchenwi> % info patch <suchenwi> 8.5.13 <Johannes13> increase the interations.. <suchenwi> johannes13: works here as expected, Lubuntu 13.04 <suchenwi> johannes13: with 1000000 it crashes indeed. <suchenwi> rlwrap: warning: tclsh killed by SIGSEGV (core dumped). <suchenwi> rlwrap has not crashed, but for transparency, <suchenwi> it will now kill itself with the same signal <suchenwi> Speicherzugriffsfehler (Speicherabzug geschrieben) <Johannes13> it crashes when calculating the string representation of a list of a list of a list... <jima> a really good compiled would have guessed the answer without iterating? <Zarutian> rereads what Johannes13 and suchenwi saids <Zarutian> -s <jima> s/compiled/compiler <thommey> yes, it does create a nested list structure <Zarutian> Johannes13: got a core dump from the crash? <Johannes13> no, windows.. <Zarutian> oh, right <thommey> { set a [list $a]; set a [string range $a 0 end] } works ;) * Zarutian tries to recall what that system event viewer is called in windows <suchenwi> The crash happens between 40000 and 43000 iterations. <thommey> stack explosion probably, the backtrace is thousands of iterations of Tcl_GetStringFromObj -> Tcl_GetString -> UpdateStringOfList -> Tcl_GetStringFromObj <suchenwi> But it's not descending in recursion, it iterates flatly... * jon8 hat die Verbindung getrennt (Remote host closed the connection) <thommey> the C function calls recurse <suchenwi> ah <thommey> the "set a" triggers it, generating the string rep, it doesn't have any issues building the nested list <evilotto> that crash is surprising to me at least... <Johannes13> exactly. <thommey> (until a certain higher nesting limit I assume) <miguel> thommey: reminds of a similar problem we had on freeing such lists (discovered by salvatore iirc) - dkf fixed that <ijchain> <miguel> do file a bug, assign it to dkf <giftpflanze> gawd, i'm so stupid <laomaiweng> Also crashes with 100000 on 8.6.1. <thommey> -> Johannes13 :P</verbatim> So I assigned it to dkf... - login: "JKU"
- mimetype: "text/x-fossil-wiki"
- username: "JKU"