Ticket UUID: 599788
Title: error in (array element script) causing tclsh segfault
Type: Bug
Version: obsolete: 8.4b3
Submitter: wilkason
Created on: 2002-08-25 00:25:31
Subsystem: 47. Bytecode Compiler
Assigned To: msofer
Priority: 9 Immediate
Severity: (not set)
Status: Closed
Last Modified: 2002-08-27 00:39:49
Resolution: Fixed
Closed By: msofer
Closed on: 2002-08-26 17:39:49
Description:

The crash originates in generic\tclExecute.c, GetSrcInfoForPc, at line 4574 at CVS head on 8/24/02. The code is below. What happens is that the call to the macro TclGetInt4AtPtr with value 0xFF returns a huge negative number, thus later causing offsets to break and eventually a crash in tclBasic.c Tcl_LogCommandInfo. The error was introduced sometime after 8.4b2. The offending source code is below:

```c
if ((unsigned int) (*srcDeltaNext) == (unsigned int) 0xFF) {
    srcDeltaNext++;
    delta = TclGetInt4AtPtr(srcDeltaNext); /* <- bad juju returned */
    srcDeltaNext += 4;
} else {
    delta = TclGetInt1AtPtr(srcDeltaNext);
    srcDeltaNext++;
}
}
```

See the attached file for the source.
User Comments:

msofer added on 2002-08-27 00:39:49:

Fixed by copying the tokens instead of copying/reparsing the source string.

msofer added on 2002-08-26 00:39:29:

Found the problem; it is caused by the CONSTification of the parser/compiler. In tclCompCmds.c, line 3267, we are compiling the tokens from a *copy* of the relevant source string, thus getting pointers to said copy instead of to the original. Diagnostic done, fix not yet ...

The simplest script to show the bug is

    set a([error])

when it is compiled (i.e., typed at the tclsh prompt, or in a proc body if sourced).

msofer added on 2002-08-25 20:56:03:

TclLogCommandInfo is getting wrong input: 'script' and 'command' do point to strings with the correct contents, but 'command' is not a substring of 'script' as it should be. See the debug session below:

```
(gdb) r
Starting program: /CVS/tcl_SF_clean/unix/tclsh
% set a([set x])

Program received signal SIGSEGV, Segmentation fault.
0x0806d426 in Tcl_LogCommandInfo (interp=0x81070e0, script=0x810f9a0 "set a([set x])\n", command=0xbfffe88e "set x]\"", length=5) at ./../generic/tclBasic.c:3243
3243        if (*p == '\n') {
(gdb) p p
$1 = 0x8130000 <Address 0x8130000 out of bounds>
```

msofer added on 2002-08-25 19:20:22:

I get the segfault also in 8.4b2, but not in 8.4b1. It figures, since little has been changed that could trigger this since 8.4b2. The segfault is also triggered by

    set a([x])

assuming no command 'x' is defined. The code section mentioned has never been touched since 8.0.

wilkason added on 2002-08-25 07:25:31:

File Added - 29738: test.tcl
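The newline-counting walk that Tcl_LogCommandInfo performs, with the "command must be a substring of script" invariant the comments above describe made an explicit check. This is an added illustration written for this page, not Tcl's code; `line_of_command` and `demo_copy_pointer_detected` are hypothetical names, and the script text is constructed from the gdb session above.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not Tcl's: return the 1-based line on which `command`
 * starts inside script[0..length), or -1 when `command` does not point into
 * that buffer at all. Tcl_LogCommandInfo walks from `script` toward `command`
 * counting newlines; if `command` lives in a different buffer (a copy of the
 * source string, as in this ticket), that walk runs off the end of the object
 * and faults, which is the crash seen at tclBasic.c:3243. */
int line_of_command(const char *script, size_t length, const char *command)
{
    uintptr_t base = (uintptr_t) script;   /* integer view: comparing two   */
    uintptr_t cmd  = (uintptr_t) command;  /* unrelated pointers is undefined */
    if (cmd < base || cmd >= base + length) {
        return -1;                          /* not a substring: refuse to walk */
    }
    int line = 1;
    for (const char *p = script; p != command; p++) {
        if (*p == '\n') {
            line++;
        }
    }
    return line;
}

/* Reproduce the shape of the failure with constructed input: the same command
 * text reached once through a pointer into `script` and once through a
 * pointer into a separate *copy* of it, as the CONSTified compiler produced.
 * Returns 1 when the good pointer is accepted and the copy pointer rejected. */
int demo_copy_pointer_detected(void)
{
    const char script[] = "set a([set x])\n";
    size_t length = sizeof script - 1;
    const char *good = strstr(script, "set x");      /* inside script        */
    char *copy = malloc(sizeof script);              /* separate buffer      */
    if (copy == NULL) {
        return 0;
    }
    memcpy(copy, script, sizeof script);
    const char *bad = strstr(copy, "set x");         /* same text, wrong base */
    int ok = line_of_command(script, length, good) == 1
          && line_of_command(script, length, bad) == -1;
    free(copy);
    return ok;
}
```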
Attachments:
- test.tcl, added by wilkason on 2002-08-25 07:25:31.