Tcl Source Code

The commits to HEAD on 2001-09-26 cause segfaults
in tests io-36.5, http-3.6 (http.test), http-3.5
(httpold.test).

Logged In: YES 
user_id=75003

Ok, the add-on patch is now part of core-8-3-1-branch too. 
This closes the bug for good.

Logged In: YES 
user_id=75003

Just attach the add-on patch here too and I will apply it.

Logged In: YES 
user_id=80530

Embarassment all around.  I forgot the (ClientData) casts.
Fortunately, Vince Darley caught that and is fixing it.
Need to make sure that fix gets back to the
core-8-3-1-branch though.

Logged In: YES 
user_id=75003

Thanks Don, for tracking this down.

So what I forgot was essentially the possibility that the 
channel is can be [close]d during the handling of the 
fileevent, invalidating its structures including the 
statePtr. Without the preserve I write into a freed area, 
messing up memory mgmt.

Simple in hindsight. Also embarassing.

Logged In: YES 
user_id=80530

Yes, that's the fix. Committing...

File Added - 11304: fix.patch

Logged In: YES 
user_id=80530

The attached patch may be the fix.
testing it now...

Logged In: YES 
user_id=80530

ElectricFence says the bad code is
line 6741 of generic/tclIO.c:

statePtr->flags &= ~CHANNEL_TIMER_FEV

Logged In: YES 
user_id=80530


I rolled back to revision 1.35 of generic/tclIO.c
in my working directory and the segfaults go
away, so that is the trigger, though probably
not the cause.

Logged In: YES 
user_id=80530


Several architectures.  Here's the first.  It segfaults
on test io-36.5:

$ uname -a
Linux rhea 2.0.35 #1 Tue Jul 14 23:56:39 EDT 1998 i686
unknown
$ cd tcl/unix
$ ./configure --disable-shared --enable-symbols
...
$ make tcltest
...
$ vi ../tests/io.test
... Comment out test io-29.27 ...
$ gdb ./tcltest
...
(gdb) run
Starting  program: /home/dgporter/cvs/tcl/unix/./tcltest 
% source ../tests/io.test

Program received signal SIGSEGV, Segmentation fault.
0x4006a090 in chunk_alloc (ar_ptr=0x400bebd0, nb=128) at
malloc.c:2621
malloc.c:2621: No such file or directory.
(gdb) bt
#0  0x4006a090 in chunk_alloc (ar_ptr=0x400bebd0, nb=128) at
malloc.c:2621
#1  0x40069fa5 in __libc_malloc (bytes=124) at malloc.c:2566
#2  0x80efb3d in TclpAlloc (nbytes=124) at
./../generic/tclAlloc.c:672
#3  0x806748c in Tcl_Alloc (size=124) at
./../generic/tclCkalloc.c:983
#4  0x80a3f25 in Tcl_CreateChannel (typePtr=0x8103d34, 
    chanName=0xbfffceb0 "file6", instanceData=0x811e530,
mask=4)
    at ./../generic/tclIO.c:1112
#5  0x80d8021 in TclpOpenFileChannel (interp=0x8108b80,
pathPtr=0x8158ea8, 
    modeString=0x8162a00 "w", permissions=438) at
./../unix/tclUnixChan.c:1377
#6  0x80b0043 in Tcl_FSOpenFileChannel (interp=0x8108b80,
pathPtr=0x8158ea8, 
    modeString=0x8162a00 "w", permissions=438) at
./../generic/tclIOUtil.c:1553
#7  0x80acf40 in Tcl_OpenObjCmd (notUsed=0x0,
interp=0x8108b80, objc=3, 
    objv=0xbfffd010) at ./../generic/tclIOCmd.c:975
#8  0x80bd775 in EvalObjv (interp=0x8108b80, objc=3,
objv=0xbfffd010, 
    command=0x8160029 "open test1 w]\n    puts $f
abcdefghijklmnop\n    close $f\n    set f [open test1
r]\n    fconfigure $f -blocking off\n    set l \"\"\n   
lappend l [fblocked $f]\n    lappend l [read $f 3]\n   
lappend l [fbloc"..., 
    length=12, flags=0) at ./../generic/tclParse.c:932
#9  0x80be10c in Tcl_EvalEx (interp=0x8108b80, 
    script=0x8160029 "open test1 w]\n    puts $f
abcdefghijklmnop\n    close $f\n    set f [open test1
r]\n    fconfigure $f -blocking off\n    set l \"\"\n   
lappend l [fblocked $f]\n    lappend l [read $f 3]\n   
lappend l [fbloc"..., 
    numBytes=12, flags=0) at ./../generic/tclParse.c:1450
#10 0x80bdbed in Tcl_EvalTokensStandard (interp=0x8108b80, 
    tokenPtr=0xbfffd368, count=1) at
./../generic/tclParse.c:1192
#11 0x80be065 in Tcl_EvalEx (interp=0x8108b80, 
    script=0x8160008 "\n    removeFile test1\n    set f
[open test1 w]\n    puts $f abcdefghijklmnop\n    close
$f\n    set f [open test1 r]\n    fconfigure $f -blocking
off\n    set l \"\"\n    lappend l [fblocked $f]\n   
lappend l"..., 
    numBytes=350, flags=262144) at
./../generic/tclParse.c:1436
#12 0x80633ec in Tcl_EvalObjEx (interp=0x8108b80,
objPtr=0x815ad08, 
    flags=262144) at ./../generic/tclBasic.c:2798
#13 0x80c6854 in Tcl_UplevelObjCmd (dummy=0x0,
interp=0x8108b80, objc=1, 
    objv=0x810a384) at ./../generic/tclProc.c:667
#14 0x808b2dd in TclExecuteByteCode (interp=0x8108b80,
codePtr=0x8163bf8)
    at ./../generic/tclExecute.c:869
#15 0x80636c2 in Tcl_EvalObjEx (interp=0x8108b80,
objPtr=0x812b5a0, flags=0)
    at ./../generic/tclBasic.c:2951
#16 0x80c6f4d in TclObjInterpProc (clientData=0x813be40,
interp=0x8108b80, 
    objc=6, objv=0xbfffdb80) at ./../generic/tclProc.c:1075
#17 0x80bd775 in EvalObjv (interp=0x8108b80, objc=6,
objv=0xbfffdb80, 
    command=0x8160460 "tcltest::runTest io-36.5
{Tcl_InputBlocked vs files, short read, nonblocking} {\n   
removeFile test1\n    set f [open test1 w]\n    puts $f
abcdefghijklmnop\n    close $f\n    set f [open test1
r]\n    fco"..., 
    length=472, flags=0) at ./../generic/tclParse.c:932
#18 0x80be10c in Tcl_EvalEx (interp=0x8108b80, 
    script=0x8160460 "tcltest::runTest io-36.5
{Tcl_InputBlocked vs files, short read, nonblocking} {\n   
removeFile test1\n    set f [open test1 w]\n    puts $f
abcdefghijklmnop\n    close $f\n    set f [open test1
r]\n    fco"..., 
    numBytes=472, flags=262144) at
./../generic/tclParse.c:1450
...

Logged In: YES 
user_id=75003

Just tried head on the AS solaris/sparc host. Two failures
in the testsuite (cmdAH.test, fCmd.test, see below),
seemingly unrelated. No segfaults.

cmdAH-16.3 Tcl_FileObjCmd: readable FAILED
fCmd-17.1 mkdir stat failing on target but not ENOENT FAILED

Logged In: YES 
user_id=75003

On what architecture ? 

I had no segfaults on Linux/i686.

My I have stacktraces for a core compiled with
--enable-symbols ?