| Ticket UUID: | 268b23df11916a9da17742ce2595d0634f5a0960 | |||
| Title: | expr Crashes When Traced | |||
| Type: | Bug | Version: | 8.6.4 | |
| Submitter: | tomkiti | Created on: | 2015-06-01 17:23:43 | |
| Subsystem: | 16. Commands A-H | Assigned To: | dgp | |
| Priority: | 7 High | Severity: | Important | |
| Status: | Closed | Last Modified: | 2015-06-03 19:09:13 | |
| Resolution: | Fixed | Closed By: | dgp | |
| Closed on: | 2015-06-03 19:09:13 | |||
| Description: |
The "expr" command crashes tclsh when it is being traced while evaluating a built-in function with a command argument. This can be reproduced with the following script:
proc zero {} {
return 0
}
proc crash {} {
expr {abs([zero])} ;# <=== Crashes
}
proc traceProc {args} {
}
trace add execution crash enterstep traceProc
crash
Some observations:
- The "leavestep" trace also crashes, but "enter" and "leave" do not.
- All "expr" functions seem to crash, not just "abs".
- For the crash to occur, the argument to the function must be a command, e.g. "[zero]". Passing "0", "[return 0]", or a variable will not crash.
- Removing the braces will prevent the crash.
- Removing the trace will prevent the crash.
The workaround is to set the command's result to a variable first and then pass the variable to the "abs" function.
| |||
| User Comments: |
dgp added on 2015-06-03 19:09:13:
Improved patch committed. dgp added on 2015-06-03 12:27:26: Committed to trunk a patch that stops the crash. Keeping open since I think this demo still points to code errors. dgp added on 2015-06-02 19:13:07: Further probe of the dgp-bye-ctx-eval-flag branch pins the blame on http://core.tcl.tk/tcl/info/853abff6c96b1d89 dgp added on 2015-06-02 18:52:02: Good demo script is always appreciated. Thanks! Bisect blames http://core.tcl.tk/tcl/info/3648c59d0d0b ferrieux added on 2015-06-01 21:25:29: Repro OK with trunk. Stack below. Smells of TIP280 structures.
(gdb) where
#0 __memcpy_sse2 () at ../sysdeps/x86_64/multiarch/../memcpy.S:90
#1 0x00007fc4e3e76544 in Tcl_DbNewStringObj (bytes=0x0, length=4, file=0x7fc4e3ed3120 "/home/alex/src/fos/tcl/generic/tclExecute.c", line=9903) at /home/alex/src/fos/tcl/generic/tclStringObj.c:394
#2 0x00007fc4e3e183c3 in TclGetSourceFromFrame (cfPtr=0xb05f18, objc=2, objv=0xb05f70) at /home/alex/src/fos/tcl/generic/tclExecute.c:9903
#3 0x00007fc4e3d2204a in EvalObjvCore (data=0xbd9d60, interp=0xb02608, result=0) at /home/alex/src/fos/tcl/generic/tclBasic.c:4263
#4 0x00007fc4e3d22388 in TclNRRunCallbacks (interp=0xb02608, result=0, rootPtr=0x0) at /home/alex/src/fos/tcl/generic/tclBasic.c:4393
#5 0x00007fc4e3d21bdd in Tcl_EvalObjv (interp=0xb02608, objc=1, objv=0xb05c80, flags=2097168) at /home/alex/src/fos/tcl/generic/tclBasic.c:4123
#6 0x00007fc4e3d2409e in TclEvalEx (interp=0xb02608, script=0xbbcde8 "proc zero {} { return 0 }\n\n", ' ' <repeats 19 times>, "proc crash {} { expr {abs([zero])} ;# <=== Crashes }\n\n", ' ' <repeats 19 times>, "proc traceProc {args} { }\n\n", ' ' <repeats 19 times>, "trace add execution crash ente"..., numBytes=242, flags=0, line=9, clNextOuter=0x0, outerScript=0xbbcde8 "proc zero {} { return 0 }\n\n", ' ' <repeats 19 times>, "proc crash {} { expr {abs([zero])} ;# <=== Crashes }\n\n", ' ' <repeats 19 times>, "proc traceProc {args} { }\n\n", ' ' <repeats 19 times>, "trace add execution crash ente"...) at /home/alex/src/fos/tcl/generic/tclBasic.c:5262
#7 0x00007fc4e3e47772 in Tcl_FSEvalFileEx (interp=0xb02608, pathPtr=0xba5c68, encodingName=0x0) at /home/alex/src/fos/tcl/generic/tclIOUtil.c:1815
#8 0x00007fc4e3e51c2b in Tcl_MainEx (argc=-1, argv=0x7fffa39e0978, appInitProc=0x4009c2 <Tcl_AppInit>, interp=0xb02608) at /home/alex/src/fos/tcl/generic/tclMain.c:417
#9 0x00000000004009bb in main (argc=2, argv=0x7fffa39e0968) at /home/alex/src/fos/tcl/unix/tclAppInit.c:84
(
| |||
Home
Timeline
Branches
Tags
Tickets
Download
Wiki