Description: |
New test iocmd-21.21 demonstrates a segfault.
It's worse than that though.
It demonstrates that reflected channels expose
(create?) the ability to close a channel in the
midst of operations on it. This means things can
disappear, deallocate, invalidate, and go away,
when everything in progress is assuming that will
not happen.
One particular problem is the routine
ReflectInput(..., char *buf, int toRead, int *errorCodePtr);
The buf pointer value passed in is where RI() is meant to
write the bytes it reads. However the InvokeTclMethod() call
inside RI() has the power to free that memory. iocmd-21.21
demonstrates this (and other problems), and valgrind will indeed
report the "Invalid write" attempt.
A number of potential solutions can be imagined, but they all
seem unpleasant. Comments?
|
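
One way to keep a destination buffer valid when the read handler can close its own channel, as an added example that is not Tcl's code and not from the original report. The Chan struct, guarded_read(), chan_close() and the handlers are hypothetical names; the approach shown (pin the channel with a reference count across the callback, stage the bytes, defer the free) is an assumption about one possible fix, not the one the project chose.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model: a channel whose read is served by a script-level handler. */
typedef struct Chan {
    char *buf; int bufSize;   /* destination buffer owned by the channel */
    int refCount;             /* operations currently in progress */
    int closed;               /* close requested */
    int (*handler)(struct Chan *, char *, int);
} Chan;

static void chan_free(Chan *c) { free(c->buf); free(c); }

/* Close: free immediately only when no operation still holds the channel. */
void chan_close(Chan *c) { c->closed = 1; if (c->refCount == 0) chan_free(c); }

/* Guarded read: bytes delivered to c->buf, or -1 if the handler closed c. */
int guarded_read(Chan *c, int toRead) {
    char stage[64];
    int n;
    if (toRead > c->bufSize) toRead = c->bufSize;
    if (toRead > (int)sizeof stage) toRead = (int)sizeof stage;
    c->refCount++;                      /* pin c and c->buf across the callback */
    n = c->handler(c, stage, toRead);   /* may call chan_close(c) */
    if (n > toRead) n = toRead;
    if (c->closed) n = -1;              /* never write into a channel being torn down */
    else if (n > 0) memcpy(c->buf, stage, (size_t)n);
    if (--c->refCount == 0 && c->closed) chan_free(c);  /* deferred free */
    return n;
}

/* Constructed handlers: one returns data, one closes its own channel. */
static int h_data(Chan *c, char *out, int max) {
    int n = max < 5 ? max : 5; (void)c; memcpy(out, "hello", (size_t)n); return n;
}
static int h_close(Chan *c, char *out, int max) {
    (void)out; (void)max; chan_close(c); return 0;
}

/* Run one read against a fresh channel and return guarded_read's result. */
int demo(int closing) {
    Chan *c = calloc(1, sizeof *c);
    int n;
    if (!c || !(c->buf = malloc(16))) { free(c); return -2; }
    c->bufSize = 16;
    c->handler = closing ? h_close : h_data;
    n = guarded_read(c, 16);
    if (n >= 0) chan_close(c);          /* still alive: normal teardown */
    return n;
}

int main(void) { return (demo(0) == 5 && demo(1) == -1) ? 0 : 1; }
```

Built with AddressSanitizer or run under valgrind, both paths complete without an invalid write, because the close requested inside the handler is deferred until the in-progress read drops its reference.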