| Ticket UUID: | d553228d9fcbd1722a85d6fc99dbbfb60176480 | |||
| Title: | lassign + dict update == segmentation fault | |||
| Type: | Bug | Version: | 8.6.5 | |
| Submitter: | pooryorick | Created on: | 2016-05-01 00:04:11 | |
| Subsystem: | 15. Dict Object | Assigned To: | dkf | |
| Priority: | 9 Immediate | Severity: | Critical | |
| Status: | Closed | Last Modified: | 2016-06-23 08:22:30 | |
| Resolution: | Fixed | Closed By: | dkf | |
| Closed on: | 2016-06-23 08:22:30 | |||
| Description: |
The following script produces a segmentation fault:
| |||
| User Comments: |
dkf added on 2016-06-23 08:22:30:
Good test case and patch. In 8.6 and trunk. anonymous (claiming to be aspect) added on 2016-05-01 02:15:58: Slightly simpler test script:
proc t {} {lassign {} item; dict update item item item two two {}}
t
My suspicion is that the initial loop in INST_DICT_UPDATE_START isn't robust against dictPtr being free()d while it's looping, and [lassign] contributes by only by putting a value in $item with low refcount.
The attached patch eliminates the segfault with this test script, but I haven't tested it any further:
| |||
Attachments:
- d553228d9f.patch [download] added by anonymous on 2016-05-01 02:17:24. [details]