Tcl Source Code

Ticket UUID: 99c02b9520069c3ecd4bc55ae3c5137488dcf15e
Title: iocmd-21.21 segfault demo & more
Type: Bug
Version: 8.5+
Submitter: dgp
Created on: 2014-04-21 15:54:41
Subsystem: 25. Channel System
Assigned To: dgp
Priority: 5 Medium
Severity: Severe
Status: Closed
Last Modified: 2014-04-21 18:56:20
Resolution: Fixed
Closed By: dgp
Closed on: 2014-04-21 18:56:20
Description:
New test iocmd-21.21 demonstrates a segfault.

It's worse than that though.

It demonstrates that reflected channels expose
(create?) the ability to close a channel in the
midst of operations on it.  This means things can
disappear, deallocate, invalidate, and go away,
when everything in progress is assuming that will
not happen.

One particular problem is the routine

ReflectInput(..., char *buf, int toRead, int *errorCodePtr);

The buf pointer value passed in is where RI() is meant to
write the bytes it reads.  However the InvokeTclMethod() call
inside RI() has the power to free that memory.  iocmd-21.21
demonstrates this (and other problems), and valgrind will indeed
report the "Invalid write" attempt.

A number of potential solutions can be imagined, but they all
seem unpleasant. Comments?
User Comments:
dgp added on 2014-04-21 18:56:20:
Fixed in 8.5 branch.
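
The hazard described in the ticket (a callback invoked during a read can close the channel and free the buffer the read is about to write into) can be modelled in a few lines. The following is an added example, not Tcl source and not the fix applied in the 8.5 branch; `Chan`, `chan_read`, `chan_close` and the handlers are hypothetical names. It shows one generic mitigation: pin the channel across the callback, defer the free, and re-check state before writing.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a channel; this is not Tcl's Channel structure. */
typedef struct Chan {
    char *buf;    /* buffer the read routine is meant to write into */
    int size;
    int busy;     /* >0 while an operation on the channel is in progress */
    int closed;   /* a close has been requested */
    int freed;    /* buf has actually been released */
} Chan;
typedef int (*Handler)(Chan *c, char *out, int max); /* stands in for the script callback */

static void release(Chan *c) { free(c->buf); c->buf = NULL; c->freed = 1; }

Chan *chan_new(int size) {
    Chan *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->buf = calloc(1, (size_t)size);
    if (!c->buf) { free(c); return NULL; }
    c->size = size;
    return c;
}

/* Close releases the buffer at once only when no operation is in progress. */
void chan_close(Chan *c) {
    c->closed = 1;
    if (c->busy == 0 && !c->freed) release(c);
}

/* Read with the channel pinned across the callback; returns bytes stored or -1. */
int chan_read(Chan *c, Handler h, int toRead) {
    char tmp[64];
    int n;
    if (c->closed || toRead < 0) return -1;
    if (toRead > c->size) toRead = c->size;
    if (toRead > (int)sizeof tmp) toRead = (int)sizeof tmp;
    c->busy++;                          /* pin: chan_close() now defers the free */
    n = h(c, tmp, toRead);              /* callback may call chan_close(c) */
    if (n > toRead) n = toRead;
    if (c->closed) n = -1;              /* channel went away: report, do not write */
    else if (n > 0) memcpy(c->buf, tmp, (size_t)n);
    if (--c->busy == 0 && c->closed && !c->freed) release(c);
    return n;
}

/* Constructed handlers: one behaves, one closes the channel mid-read. */
int h_ok(Chan *c, char *out, int max) { (void)c; memset(out, 'A', (size_t)max); return max; }
int h_close(Chan *c, char *out, int max) { chan_close(c); memset(out, 'B', (size_t)max); return max; }
```

Without the `busy` pin and the post-callback `closed` check, `h_close` would free `buf` before the `memcpy`, which is the "Invalid write" pattern valgrind reports for iocmd-21.21.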