Tcl Source Code

Artifact [d47de8c707]
Login
Core Home Timeline Branches Tags Tickets Download Wiki
Download Hex Parsed

Artifact d47de8c7074021b030c1651fec15ff49d76661a6:

Ticket change [d47de8c707] - New ticket [578155d5a1] Very rare bug (segfault) if set variable (with error case) using self-releasable object as new value. by sebres 2017-07-12 19:15:40. 
D 2017-07-12T19:15:40.290
J assignee nobody
J closer nobody
J cmimetype text/x-fossil-wiki
J comment I\sfound\sa\svery\srare\sbut\svery\sannoying\sbug\s(segfault),\sif\svariable\swill\sset\sfor\sexample\susing\sTcl_ObjSetVar2\sor\ssimilar.<br/>\r\nIn\sresult\sit\sbelongs\sto\svery\sold\scheck-in\s[510663a99e3a096bb7bab7314eb59fc805335318]\sfrom\s2005.<br/>\r\nI\shad\sthis\sbug\ssometimes\svery-very\ssporadically,\sso\sI\sexecuted\sone\sof\smy\stcl-service\sunder\sdebugger\suntil\sit\snot\soccurred\sagain.\r\n\r\n<h2>PoC:</h2>\r\n<ul>\r\n<li>\ssomewhat\swill\sset\svar\svarName\sto\snewValue\swith\s`Tcl_ObjSetVar2`,\s`Tcl_SetVar2Ex`\sor\ssimilar\s(e.\sg.\swith\sflag\sTCL_LEAVE_ERR_MSG);</li>\r\n<li>\sthereby\sthis\sobject\s(newValue)\swas\s<b>only\sonce\sreferenced</b>\s(somewhere\sin\sinterpreter\sstate,\se.\sg.\ssomething\sin\ssub-list\sor\ssub-dictionary\sof\sinterp-result,\setc.).\sEmphasis\son\s"only\sonce",\sso\snewValue->refCount\sis\s1.</li>\r\n<li>\sthe\sset\sproduces\san\sinterim\serror\s(for\sexample\ssomething\sgoing\swrong\sby\sthe\sresolving\sof\sthe\svarname,\sor\sin\strace,\setc)</li>\r\n<li>\sby\sthe\sfollowing\sthrowing\sof\sthe\serror-state\sto\sinterp\s(result,\serrorInfo,\serrorCode)\sthis\swill\sautomatically\sdecrease\sold\sobject\sof\sinterp-state,\swhich\scan\salso\sremove\sall\schildren</li>\r\n<li>\sthus\sthe\s<b>newValue->refCount\swill\sbe\simplicit\sdecreased\sto\s0</b>,\sand\sobject\snewValue\swill\sbe\sreleased.</li>\r\n<li>\sthe\sproblem\sis\sthen\sthe\scode\slike\shere\s-\s<a\shref="http://core.tcl.tk/tcl/artifact/3293a2dbff528bd4?ln=1458">artifact/3293a2dbff528bd4?ln=1458</a>\sor\s<a\shref="http://core.tcl.tk/tcl/artifact/3293a2dbff528bd4?ln=1517">artifact/3293a2dbff528bd4?ln=1517</a>,\sbecause\sit\stries\sto\saccess\salready\sreleased\sobject\snewValue\s(that\sdoes\snot\sexists\sanymore!)\sand\sdecrease\sits\sreference\sagain\sand\sthen\stries\sto\srelease\sit\sagain!</li>\r\n</ul>\r\n\r\nWhy\sI\sthink,\sthat\sis\sa\sbug?\r\n\r\nBecause\sonly\sthe\scaller\sof\s`Tcl_ObjSetVar2`\sreally\sknow\sthat\sthe\sreference\sof\sthis\sobject\sshould\sbe\sdecremented\sor\snot.\sAnd\sbecause\sexplicit\sdecreasing\sinside\s`Tcl_ObjSetVar2`\sis\svery\sunexpected\sbehavior,\sIMHO\s(because\srather\sincreased\sor\sunmodified).<br/>\r\nOtherwise\sthe\scall\sof\s`Tcl_ObjSetVar2`,\s`Tcl_SetVar2Ex`\sor\ssimilar\sshould\s<b>always</b>\slook\slike\sthis:\r\n<code><pre>\r\nTcl_IncrRefCount(newValue);\r\nTcl_ObjSetVar2(interp,\svarName,\sNULL,\snewValue,\s...)\r\nTcl_DecrRefCount(newValue);\r\n</pre></code>\r\nBut\sin\sthis\scase\sthe\s<a\shref="http://core.tcl.tk/tcl/artifact/3293a2dbff528bd4?ln=1517">above-mentioned\scode</a>\sis\stotally\sunnecessary\s(because\snewValuePtr->refCount\swill\sbe\snever\s0).<br/>\r\nAnd\sthen\sthis\scheck-in\sno\slonger\smakes\ssense\sat\sall.\r\n\r\nSo\sI'm\sdesperate,\show\sit\scan\sbe\sfixed\splausible\sresp.\stotally\sbackwards\scompatible\s(this\scheck-in\sis\solder\sas\s10\syears).\s\r\n\r\nSuggestions\sare\swelcome...
J foundin >=\s8.5
J is_private 0
J login sebres
J priority 5\sMedium
J resolution None
J severity Critical
J status Open
J submitter sebres
J subsystem 07.\sVariables
J title Very\srare\sbug\s(segfault)\sif\sset\svariable\s(with\serror\scase)\susing\sself-releasable\sobject\sas\snew\svalue
J type Bug
K 578155d5a19b348dc1a9fe96cc2c067a59326a89
U sebres
Z efc60176393b636f45ba87a2175df637
This page was generated in about 0.008s by Fossil 2.24 [f4ffefe708] 2024-04-17 14:02:19