Menu

#1787 refcount crash in file readlink

obsolete: 8.4a4
closed-fixed
Vince Darley
37. File System (341)
9
2002-03-16
2002-02-27
Jeffrey Hobbs
No

The file readlink command in the new VFS system isn't
handling refcounts right, leading to repeatable crash
situations. The following code will crash on RH6.1 or
SuSE7.3:

foreach file [lsort [glob /usr/bin/c*]] {
catch { file readlink $file }
}

There relevant stack trace info is:

#0 0x400bd990 in free () from /lib/libc.so.6
#1 0x080f375f in TclpFree (cp=0x810909c "")
at ../generic/tclAlloc.c:1639
#2 0x08072bff in Tcl_Free (ptr=0x810909c "")
at ../generic/tclCkalloc.c:1160
#3 0x080c5856 in FreeFsPathInternalRep
(pathObjPtr=0x81314f8)
at ../generic/tclIOUtil.c:3780
#4 0x080558d4 in TclFreeObj (objPtr=0x81314f8)
at /cvs/tcl/tcl8.4/unix/../generic/tclObj.c:696
#5 0x080c82f2 in FreeListInternalRep
(listPtr=0x8131768)
at ../generic/tclListObj.c:1387
#6 0x0809ddde in TclExecuteByteCode
(interp=0x810f110, codePtr=0x81188a8)
at ../generic/tclExecute.c:1375
#7 0x0809d150 in TclCompEvalObj (interp=0x810f110,
objPtr=0x8117880,
engineCall=0)
at ../generic/tclExecute.c:941
#8 0x0806e63d in Tcl_EvalObjEx (interp=0x810f110,
objPtr=0x8117880,
flags=131072) at ../generic/tclBasic.c:3864

If you remove the Tcl_DecrRefCount at tclCmdAH.c:1113
the bug will go away, but I'm sure that it leaking
memory. This needs to get addressed ASAP, along with
a more robust test suite on the VFS stuff (with a
purify run if possible).

Discussion

  • Nobody/Anonymous

    Nobody/Anonymous - 2002-02-28

    Logged In: NO

    That DecrRefCount is certainly needed according to the way
    the code is documented -- 'Tcl_FSLink' returns an object
    with refCount 1, which goes up to 2 when it is set as the
    interp's result. So therefore it should be decremented.

    I can't see anything obviously wrong, but
    Tcl_FSNewNativePath is the likely culprit. Perhaps
    something odd is happening with the 'pure normalized' path-
    type Tcl_Obj that is created. There is some slightly
    tricky logic with these, since they actually contain a
    circular reference, by design. -- Vince.

    As far as a more robust test suite on VFS stuff goes,
    that's hard to do without adding a proper vfs package to
    the core. Ideas appreciated, however.

     

  • Vince Darley

    Vince Darley - 2002-03-16
    • status: open --> closed-fixed
     

  • Vince Darley

    Vince Darley - 2002-03-16

    Logged In: YES
    user_id=32170

    See fix to bug 511666, which contains a fix to this.
    Tested on linux.