Tcl / Read-Only Bugs / #3917 Bug in code of Tcl

#3917 Bug in code of Tcl_GetAlias in tclInterp.c

Milestone: obsolete: 8.5.0

Status: closed-fixed

Owner: miguel sofer

Labels: 20. [interp] (71)

Priority: 9

Updated: 2008-01-30

Created: 2008-01-30

Creator: an0

Private: No

The last `for' loop in Tcl_GetAlias function:
for (i = 1; i < objc; i++) {
*argvPtr[i - 1] = TclGetString(objv[i]);
}

The bug spot is `*argvPtr[i - 1]'. Obviously, it should be `(*argvPtr)[i - 1]', otherwise, it causes invalid memory access when objc > 2, since it is only when idx is 0 that *argvPtr[idx] is the same as (*argvPtr)[idx] in effect.

Thus, the fixed code is:
for (i = 1; i < objc; i++) {
(*argvPtr)[i - 1] = TclGetString(objv[i]);
}

It is verified by our application product.

Discussion

Donal K. Fellows - 2008-01-30

priority: 5 --> 9
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

miguel sofer - 2008-01-30

assigned_to: hobbs --> msofer

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

miguel sofer - 2008-01-30

Logged In: YES
user_id=148712
Originator: NO

Fixed in HEAD and 8.4

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bug in code of Tcl_GetAlias in tclInterp.c

The Tool Command Language implementation

Group

Searches

Help

#3917 Bug in code of Tcl_GetAlias in tclInterp.c

Discussion