| Ticket UUID: | d43a10ce2fed950e00890049f3c273f2cdd12583 | |||
| Title: | tk_getOpenFile crashes when passed a bad -typevariable | |||
| Type: | Bug | Version: | 8.6.x | |
| Submitter: | anonymous | Created on: | 2014-11-12 00:25:37 | |
| Subsystem: | 37. [tk_get*File] | Assigned To: | jan.nijtmans | |
| Priority: | 5 Medium | Severity: | Important | |
| Status: | Closed | Last Modified: | 2014-11-14 08:21:27 | |
| Resolution: | Fixed | Closed By: | jan.nijtmans | |
| Closed on: | 2014-11-14 08:21:27 | |||
| Description: |
On Windows only, this script will crash the second time that tk_getOpenFile is executed. This has happened on windows 7 64bit, 32bit, XP 32bit, etc., 8.6.0-8.6.2.
Select a file to open each time the dialog is displayed. Both double-clicking and selecting open cause the failure.
#!/usr/bin/tclsh
package require Tk
set types [list [list Sequence {.seq}]]
puts "types:$types"
set dir [pwd]
set fh [open xyzzy.seq w];close $fh
set fh [open plugh.seq w];close $fh
for { set i 0 } { $i < 10 } { incr i } {
set fn [tk_getOpenFile \
-initialfile standardrounds \
-initialdir $dir \
-defaultextension .seq \
-parent . \
-typevariable $types \
-filetypes $types \
-title {Select Sequence} ]
}
exit
| |||
| User Comments: |
jan.nijtmans added on 2014-11-14 08:21:27:
Thanks! closed apnadkarni added on 2014-11-14 08:09:52: Fixed in trunk commit http://core.tcl.tk/tk/info/f5c04922361cb38ee6a8eb79aad3b40101616422 apnadkarni added on 2014-11-13 18:21:30: OK, found the problem. The issue was not with reference counting but with shimmering. The following line
} else if (Tcl_ObjSetVar2(interp, typeVariableObj, NULL,
typeInfo[0], TCL_GLOBAL_ONLY|TCL_LEAVE_ERR_MSG) == NULL) {
result = TCL_ERROR;
}
is broken because typeInfo[0] points into a list which may be also referenced by typeVariableObj. TOSV2 shimmers the object into variable intrep which loses the list representation and hence invalidates typeInfo[0] which is freed but nevertheless stored as the value of the variable. A crash in only a matter of time.
The new file dialogs in 8.6.3 are not affected because they do not use this pattern to update the typevariable.
The fix is simple but I'd prefer to not check it in until the previous change is reverted.
Jan, unless you can see a specific problem with the reference counting as it stood before your changes, could you revert them back first ? AFAICT the code was correct as it stood and if you agree I would prefer not to have the unnecessary ref incr/decrs.
apnadkarni added on 2014-11-13 15:35:18: The changes do not fix the crash. But please confirm on your own system as I suggested earlier - add the -xpstyle 1 option to the tk_getOpenFile /Ashok apnadkarni added on 2014-11-13 14:29:06: Jan, you would not see this crash on trunk unless you are running XP. Later systems would have used the new dialogs which may or may not have the same bug. I still need to check that. In any case, if you want to test on newer Windows systems you can add the undocumented option -xpstyle 1 to the command. That will force the old style dialogs that exhibit the bug I probably won't get to verification till the weekend jan.nijtmans added on 2014-11-13 13:49:58: Even though I didn't succeed in reproducing this, thanks to Andreas' hint I can see what's wrong. Should be fixed on trunk now. Please confirm, so this issue can be closed.
Thanks!
Jan Nijtmans
aku added on 2014-11-12 05:17:49: This might point to a refcounting issue where the code is no prepared to see the same Tcl_Obj coming in through two different options. apnadkarni added on 2014-11-12 04:20:52: Playing around with the script, it appears this happens when using $types as the argument to both -typevariable and -filetypes. Changing either fixes the crash (or possibly moves it to elsewhere) | |||
Home
Timeline
Branches
Tags
Tickets
Download
Wiki