| Ticket UUID: | 2978773 | |||
| Title: | Segfault when using a reflected channel | |||
| Type: | Bug | Version: | obsolete: 8.5.8 | |
| Submitter: | sbron | Created on: | 2010-03-29 19:25:31 | |
| Subsystem: | 25. Channel System | Assigned To: | andreas_kupries | |
| Priority: | 9 Immediate | Severity: | ||
| Status: | Closed | Last Modified: | 2010-03-31 04:18:16 | |
| Resolution: | Fixed | Closed By: | andreas_kupries | |
| Closed on: | 2010-03-30 21:18:16 | |||
| Description: |
The attached script causes a segfault, as discussed on the chat with aku and kbk. | |||
| User Comments: |
andreas_kupries added on 2010-03-31 04:18:16:
allow_comments - 1 Fixes committed to head and 8.5 branch. andreas_kupries added on 2010-03-31 03:00:54: The attached fixes (represented by unidiff patches) pass the segfault.tcl. This example does not crash any longer. andreas_kupries added on 2010-03-31 02:59:53: File Added - 368854: patch-86 andreas_kupries added on 2010-03-31 02:59:31: File Added - 368853: patch-85 andreas_kupries added on 2010-03-31 01:47:38: The problem is equivalent to 2921116, except for reflected channel instead of reflected transform. The crashing script deeply nests through the script handler of the channel, then destroys the channel very deeply in the stack, and during the unwinding process it tries to invoke the script handler at a point where the structure is already destroyed, with bogus interp and other pointers. This can be seen very nicely in the modified segfault.tcl script where I changed the logging to show the nesting structure of Tcl procedures. The nesting does occur because of the immediate posting of events in some places, calling immediately back into the Tcl layer. This is why defering this action via 'after' is a workaround. It prevents the nesting and thus each callback into the channel handler can be sure to have the C structure whole and complete for the lifetime of its operation. Now working on the fix (Tcl_Preserve/Release the C level ReflectedChannel structure to keep it alive while there are references to it in C and Tcl stacks). andreas_kupries added on 2010-03-31 01:41:56: File Added - 368848: segfault-log.txt andreas_kupries added on 2010-03-31 01:41:14: File Added - 368847: segfault.tcl sbron added on 2010-03-30 03:01:03: File Deleted - 368655: File Added - 368657: valgrind.out sbron added on 2010-03-30 02:27:22: File Added - 368655: valgrind.out sbron added on 2010-03-30 02:25:31: File Added - 368654: segfault.tcl | |||
Attachments:
- patch-86 [download] added by andreas_kupries on 2010-03-31 02:59:53. [details]
- patch-85 [download] added by andreas_kupries on 2010-03-31 02:59:30. [details]
- segfault-log.txt [download] added by andreas_kupries on 2010-03-31 01:41:56. [details]
- segfault.tcl [download] added by andreas_kupries on 2010-03-31 01:41:14. [details]
- valgrind.out [download] added by sbron on 2010-03-30 03:01:03. [details]