Calling Tcl_Expr... with an invalid expression causes
the following error:
Tcl_AppendStringsToObj called with shared object
Abort (core dumped)
when there is already a shared result object in the
interpreter's result object.
The program below reproduces the fault:
----- CUT HERE -----
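#include <tcl.h>

/* Invalid expression: evaluating it takes the syntax-error path. */
char* expr = "$A == B";

int main(int argc, char** argv)
{
    int ret;
    Tcl_Interp* interp = Tcl_CreateInterp();
    Tcl_Obj* obj;

    obj = Tcl_NewStringObj("Hello", -1);
    Tcl_IncrRefCount(obj);                /* caller keeps its own reference ... */
    Tcl_SetObjResult(interp, obj);        /* ... so the result object is now shared */
    Tcl_ExprBoolean(interp, expr, &ret);  /* the reported abort happens in this call */
    return 0;
}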
----- CUT HERE -----
Superficially, this seems similar to bug #456892 which
I submitted last year.
The problem exists in 8.3.4 and 8.4a4 (both built from
source, today, on Solaris 7).
Logged In: YES
user_id=148712
Yes, I do think it is a new symptom of the same "disease"
described in bugs #456892 and #533364. Raising the priority.
Logged In: YES
user_id=68433
Fixed now.
The culprit here is LogSyntaxError(), which was calling:
Tcl_AppendStringsToObj(Tcl_GetObjResult(infoPtr->parsePtr->interp),
...),
without first checking to ensure that the object result is
not shared.
Actually, since LogSyntaxError is an "error originator", it
should be overwriting the result instead of appending to
it. Fix: added a call to Tcl_ResetResult() (tclParseExpr.c,
identical fix in tclCompExpr.c).
NOTE: there are several other places in the core where the
idiom Tcl_AppendStringsToObj(Tcl_GetObjResult(interp), ...)
appears; these should either be replaced with
Tcl_AppendResult(infoPtr->parsePtr->interp, ...), or
preceded by Tcl_ResetResult() as appropriate.
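
The following is an added example, not code from the Tcl sources or from anyone in this thread: a self-contained C model of the reference-count rule behind the abort, replaying the report's scenario with and without the reset-before-write fix. The `Obj` and `Interp` structs and every function name here are simplified, hypothetical stand-ins for the Tcl API; the shared-object check returns -1 where the real call panics.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified stand-ins for Tcl_Obj and Tcl_Interp (not the real structs). */
typedef struct Obj { int refCount; char buf[128]; } Obj;
typedef struct Interp { Obj *result; } Interp;

static Obj *new_obj(const char *s) {
    Obj *o = calloc(1, sizeof *o);
    if (o == NULL) abort();
    snprintf(o->buf, sizeof o->buf, "%s", s);
    return o;
}
static void decr_ref(Obj *o) { if (--o->refCount <= 0) free(o); }
/* Like Tcl_SetObjResult: the interpreter takes its own reference. */
static void set_result(Interp *ip, Obj *o) {
    o->refCount++;
    if (ip->result) decr_ref(ip->result);
    ip->result = o;
}
/* In-place append; returns -1 where the real call panics (shared object). */
static int append_to_obj(Obj *o, const char *s) {
    if (o->refCount > 1) return -1;
    strncat(o->buf, s, sizeof o->buf - strlen(o->buf) - 1);
    return 0;
}
/* Pre-fix pattern: append to whatever object the result currently holds. */
static int log_error_unchecked(Interp *ip, const char *msg) {
    return append_to_obj(ip->result, msg);
}
/* Post-fix pattern: install a fresh unshared result, then write into it. */
static int log_error_reset_first(Interp *ip, const char *msg) {
    set_result(ip, new_obj(""));   /* plays the role of Tcl_ResetResult */
    return append_to_obj(ip->result, msg);
}
/* The report's scenario: -1 = would abort, 0 = ok, 1 = caller's object changed. */
int reproduce(int fixed) {
    Interp ip = { NULL };
    Obj *obj = new_obj("Hello");
    obj->refCount++;               /* caller's reference, as Tcl_IncrRefCount */
    set_result(&ip, obj);          /* refCount is now 2: the object is shared */
    int rc = fixed ? log_error_reset_first(&ip, "syntax error")
                   : log_error_unchecked(&ip, "syntax error");
    int changed = strcmp(obj->buf, "Hello") != 0;
    decr_ref(ip.result);
    decr_ref(obj);
    return rc != 0 ? -1 : changed;
}
int main(void) { printf("unchecked: %d, reset first: %d\n", reproduce(0), reproduce(1)); return 0; }
```

In the reset-first case the caller's object still reads "Hello" afterwards, because the error text goes into a new object that only the interpreter references.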