| Ticket UUID: | 1224585 | |||
| Title: | reverse trace order conflicts trace delete safety | |||
| Type: | Bug | Version: | obsolete: 8.4.11 | |
| Submitter: | dgp | Created on: | 2005-06-21 04:05:07 | |
| Subsystem: | 46. Traces | Assigned To: | dgp | |
| Priority: | 9 Immediate | Severity: | ||
| Status: | Closed | Last Modified: | 2005-06-22 01:33:12 | |
| Resolution: | Fixed | Closed By: | dgp | |
| Closed on: | 2005-06-21 18:33:12 | |||
| Description: |
The Active*Trace mechanism for
protecting against trace deletion
during trace execution is based on
a hard and fast assumption that
the trace lists are traversed in
a single direction.
However, "leave" and "enterstep"
execution traces attempt to
fire in the opposite direction.
This leaves us open to a disaster like:
% proc foo {} {}
% proc x args {trace remove execution foo leave y}
% trace add execution foo leave x
% trace add execution foo leave y
% foo
Program received signal EXC_BAD_ACCESS, Could not
access memory.
0x0007027c in TclCheckExecutionTraces
(interp=0x1803200, command=0x60f5d0 "foo\n",
numChars=3, cmdPtr=0x6054d0, code=0, traceFlags=2,
objc=1, objv=0x1803404) at ../generic/tclCmdMZ.c:4206
4206 while (tracePtr->nextPtr !=
lastTracePtr) {
(gdb) bt
#0 0x0007027c in TclCheckExecutionTraces
(interp=0x1803200, command=0x60f5d0 "foo\n",
numChars=3, cmdPtr=0x6054d0, code=0, traceFlags=2,
objc=1, objv=0x1803404) at ../generic/tclCmdMZ.c:4206
#1 0x0002468c in TclEvalObjvInternal
(interp=0x1803200, objc=1, objv=0x1803404,
command=0x60f5d0 "foo\n", length=3, flags=0) at
../generic/tclBasic.c:3101
#2 0x0007346c in TclExecuteByteCode (interp=0x1803200,
codePtr=0x60f620) at ../generic/tclExecute.c:1417
#3 0x000722d8 in TclCompEvalObj (interp=0x1803200,
objPtr=0x1801138) at ../generic/tclExecute.c:981
#4 0x00025e50 in Tcl_EvalObjEx (interp=0x1803200,
objPtr=0x1801138, flags=131072) at
../generic/tclBasic.c:4051
#5 0x0004942c in Tcl_RecordAndEvalObj
(interp=0x1803200, cmdPtr=0x1801138, flags=131072) at
../generic/tclHistory.c:142
#6 0x00005cac in Tcl_Main (argc=1, argv=0xbffffd60,
appInitProc=0x39c0 <Tcl_AppInit>) at
../generic/tclMain.c:390
#7 0x000039a4 in main (argc=1, argv=0xbffffd60) at
../unix/tclAppInit.c:90
It appears the reverse direction
implementation never even considered
the possibility of the trace list changing
out from under it.
| |||
| User Comments: |
dgp added on 2005-06-22 01:33:12:
Logged In: YES user_id=80530 fix ported to HEAD dgp added on 2005-06-22 00:20:15: Logged In: YES user_id=80530 patch committed for 8.4.11 report open for port to HEAD dgp added on 2005-06-22 00:13:02: File Added - 139259: 1224585.patch dgp added on 2005-06-22 00:13:00: Logged In: YES user_id=80530 attached patch makes the Active*Trace mechanism aware of the scan direction. | |||
Attachments:
- 1224585.patch [download] added by dgp on 2005-06-22 00:13:00. [details]