Ticket UUID: 427196
Title: fconfigure -buffer in midread =>segfault
Type: Bug
Version: obsolete: 8.4a3
Submitter: dgp
Created on: 2001-05-25 06:32:50
Subsystem: 25. Channel System
Assigned To: andreas_kupries
Priority: 7 High
Severity:
Status: Closed
Last Modified: 2001-07-19 00:29:34
Resolution: Fixed
Closed By: andreas_kupries
Closed on: 2001-07-18 17:29:34
Description:

The demo script reads part of a file, then changes the buffer size, then tries to read the rest of the file. Then, either a segfault or a POSIX error.

To diagnose the memory problem, evaluate the demo script in a tclsh built with TCL_MEM_DEBUG:

    $ ./tclsh buffer.tcl
    hi guard byte 0 is 0x65 e
    hi guard byte 2 is 0x64 d
    hi guard byte 3 is 0x20
    hi guard byte 4 is 0x24 $
    hi guard byte 5 is 0x63 c
    total mallocs 1402
    total frees 791
    current packets allocated 611
    current bytes allocated 49654
    maximum packets allocated 759
    maximum bytes allocated 87378
    high guard failed at 80d9008, ./../generic/tclIO.c 4913
    58 bytes allocated at (./../generic/tclIO.c 1659)
    Memory validation failure
    Aborted (core dumped)

Apparently this problem first appeared in Tcl 8.1.
User Comments:

andreas_kupries added on 2001-07-19 00:29:34:
Performance patch committed to main and core-8-3-1-branch. This item is now completely closed.

andreas_kupries added on 2001-07-18 04:11:23:
File Added - 8533: tcl.427196.2.diff.txt
Upload of patch which squashes the performance problem for dynamically changing buffersizes, by squashing buffers which are too small.

andreas_kupries added on 2001-07-18 01:45:02:
File Added - 8526: tcl.427196.1.diff.txt

andreas_kupries added on 2001-07-18 00:47:54:
File Added - 8523: tcl.427196.0.diff.txt

andreas_kupries added on 2001-07-18 00:10:07:
The reason for the crash is a combination of two things: First, the buffer allocated when -buffersize 10 was set is reused in the second read. And second, the IO system blithely uses the set buffersize as the number of bytes to read and not the actual size of the buffer in use. This causes the overwrite beyond the end of the buffer and the subsequent crash when closing the channel. The relevant location is tclIO.c, line 5004 in "GetInput". A patch will follow shortly.

dgp added on 2001-05-25 13:32:50:
File Added - 6648: buffer.tcl
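
The sizing error described in the 2001-07-18 00:10:07 comment, modelled as an added C example that is not Tcl's code and not part of the ticket. `Buf`, `Chan` and every function name here are hypothetical, and the 4096 size and the input bytes are constructed values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model; these are not Tcl's own structures. */
typedef struct { size_t cap, used; char *data; } Buf;   /* cap = bytes allocated */
typedef struct { size_t bufsize; Buf *cur; } Chan;      /* bufsize = -buffersize */

Buf *buf_new(size_t cap) {
    Buf *b = malloc(sizeof *b);
    if (b == NULL) return NULL;
    b->cap = cap; b->used = 0;
    b->data = malloc(cap);
    if (b->data == NULL) { free(b); return NULL; }
    return b;
}

void buf_free(Buf *b) { if (b) { free(b->data); free(b); } }

/* Flawed sizing: trusts the channel's configured size, which may have
 * changed since the reused buffer was allocated. */
size_t room_flawed(const Chan *c) {
    return c->bufsize > c->cur->used ? c->bufsize - c->cur->used : 0;
}

/* Corrected sizing: bounded by what the buffer in use really holds. */
size_t room_fixed(const Chan *c) { return c->cur->cap - c->cur->used; }

/* Bytes a read sized by room_flawed() would write past the allocation. */
size_t overrun(const Chan *c) {
    size_t want = room_flawed(c), have = room_fixed(c);
    return want > have ? want - have : 0;
}

/* Copy input into the reused buffer, never beyond its real capacity. */
size_t fill(Chan *c, const char *src, size_t len) {
    size_t n = room_fixed(c);
    if (n > len) n = len;
    memcpy(c->cur->data + c->cur->used, src, n);
    c->cur->used += n;
    return n;
}

int main(void) {
    Chan c = { 10, buf_new(10) };          /* -buffersize 10, as in the ticket */
    if (c.cur == NULL) return 1;
    fill(&c, "abcd", 4);                   /* partial read (constructed input) */
    c.bufsize = 4096;                      /* constructed new size, set mid-read */
    printf("flawed=%zu fixed=%zu overrun=%zu\n",
           room_flawed(&c), room_fixed(&c), overrun(&c));
    buf_free(c.cur);
    return 0;
}
```

A nonzero `overrun()` is the condition the TCL_MEM_DEBUG high guard bytes caught in the description: the request length came from the channel setting, not from the buffer being filled.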
Attachments:
- tcl.427196.2.diff.txt added by andreas_kupries on 2001-07-18 04:11:23.
- tcl.427196.1.diff.txt added by andreas_kupries on 2001-07-18 01:45:02.
- tcl.427196.0.diff.txt added by andreas_kupries on 2001-07-18 00:47:54.
- buffer.tcl added by dgp on 2001-05-25 13:32:50.