Tcl Source Code

Call Tcl_EvalEx() on a command
with significant nesting of substitution...

Tcl_Eval(interp, "foo [foo [foo [...]]]");

Tcl_EvalEx will call TclSubstTokens
to do the command substitution for
the argument.  Which will turn around
and recursively call Tcl_EvalEx to
evaluate the command, etc.

...All without incrementing iPtr->numLevels...

This means an arbitrary deep number
of recursive calls to Tcl_EvalEx can
happen without detection, evading the
limitations meant to be imposed by
[interp recursionlimit].  Eventually this
can lead to stack overflow problems.

File Added - 126252: 1115904-84.patch

Logged In: YES 
user_id=80530


here's the corresponding patch
for 8.4.  Note that more patching
is required because in Tcl 8.4,
script evaluation substitution
and [subst] substitution haven't
been unified as they have in Tcl 8.5.

Committing for 8.4.10

Logged In: YES 
user_id=80530

fixed in HEAD (8.5a3)

Logged In: YES 
user_id=148712

Nice patch - commit please

File Deleted - 118493:

File Added - 118584: 1115904.patch

Logged In: YES 
user_id=80530


Here's a better patch with tests.
Please review and apply if acceptable.

Logged In: YES 
user_id=80530

appears that this issue dates
all the way back to the arrival
of Tcl_EvalEx around Tcl 8.1.

Logged In: YES 
user_id=80530

that patch doesn't fix the issue
after all.

There's no call to TclInterpReady()
in that code path either, so no
chance to detect the recursion
limit.  Thoughts?

File Added - 118493: 1115904.patch

Logged In: YES 
user_id=80530

Attached patch corrects the bug,
but also changes $::errorInfo in
some situations, causing test
basic-46.4 to fail.  Comment?