Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo


#88 Patch for segfault in exp_background_channelhandlers_run_all


When using exp_background extensively I found myself running into segfaults on both Linux (RHEL) and Solaris 10 (sparc & ix86) using Expect 5.45 and Tcl 8.5.11.

Briefly, the issue occurs when exp_background_channelhandler is called on an esPtr and that esPtr ends up getting freed before exp_background_channelhandler returns such that esPtr->nextPtr is smashed and points to random memory leading in most cases to an immediate segfault.

I am attaching a patch that has fixed the problem for me.


  • s/exp_background/expect_background/

  • Reading through the patch is the priorPtr dance required ?
    Given that esPtr->nextr was saved to "esNextPtr" in the patch,
    could we not simply use this saved pointer get to the next element of the list ?

    I.e. use esPtr = esNextPtr
    in the for (....) clause ?

    Hm ... Reading more of the comments you are saying that not only esPtr might have been freed, leaving its pointers invalid, but that the next element may also be freed already, detectable via the previous element not pointing to the saved next element ... In which case you abort the loop.


  • Committed to CVS head. Version bumped to 5.45.1

    • assigned_to: nobody --> andreas_kupries
    • status: open --> closed-fixed