The file readlink command in the new VFS system isn't
handling refcounts right, leading to repeatable crash
situations. The following code will crash on RH6.1 or
SuSE7.3:
foreach file [lsort [glob /usr/bin/c*]] {
catch { file readlink $file }
}
There relevant stack trace info is:
#0 0x400bd990 in free () from /lib/libc.so.6
#1 0x080f375f in TclpFree (cp=0x810909c "")
at ../generic/tclAlloc.c:1639
#2 0x08072bff in Tcl_Free (ptr=0x810909c "")
at ../generic/tclCkalloc.c:1160
#3 0x080c5856 in FreeFsPathInternalRep
(pathObjPtr=0x81314f8)
at ../generic/tclIOUtil.c:3780
#4 0x080558d4 in TclFreeObj (objPtr=0x81314f8)
at /cvs/tcl/tcl8.4/unix/../generic/tclObj.c:696
#5 0x080c82f2 in FreeListInternalRep
(listPtr=0x8131768)
at ../generic/tclListObj.c:1387
#6 0x0809ddde in TclExecuteByteCode
(interp=0x810f110, codePtr=0x81188a8)
at ../generic/tclExecute.c:1375
#7 0x0809d150 in TclCompEvalObj (interp=0x810f110,
objPtr=0x8117880,
engineCall=0)
at ../generic/tclExecute.c:941
#8 0x0806e63d in Tcl_EvalObjEx (interp=0x810f110,
objPtr=0x8117880,
flags=131072) at ../generic/tclBasic.c:3864
If you remove the Tcl_DecrRefCount at tclCmdAH.c:1113
the bug will go away, but I'm sure that it leaking
memory. This needs to get addressed ASAP, along with
a more robust test suite on the VFS stuff (with a
purify run if possible).
Logged In: NO
That DecrRefCount is certainly needed according to the way
the code is documented -- 'Tcl_FSLink' returns an object
with refCount 1, which goes up to 2 when it is set as the
interp's result. So therefore it should be decremented.
I can't see anything obviously wrong, but
Tcl_FSNewNativePath is the likely culprit. Perhaps
something odd is happening with the 'pure normalized' path-
type Tcl_Obj that is created. There is some slightly
tricky logic with these, since they actually contain a
circular reference, by design. -- Vince.
As far as a more robust test suite on VFS stuff goes,
that's hard to do without adding a proper vfs package to
the core. Ideas appreciated, however.
Logged In: YES
user_id=32170
See fix to bug 511666, which contains a fix to this.
Tested on linux.