Menu
▾
▴
#1685 TclEvalObjvInternal: potential segfault
closed-invalid
9
2002-06-26
2001-11-21
No
Within TclEvalObjvInternal(), trace
procedures are called in a loop like:
for (tracePtr = iPtr->tracePtr;
tracePtr != NULL;
tracePtr = nextPtr) {
nextPtr = tracePtr->nextPtr;
...
(*tracePtr->proc)(tracePtr->clientData, interp,
iPtr->numLevels, commandCopy,
cmdPtr->proc, cmdPtr->clientData,
objc, argv);
}
Trouble with that is (*tracePtr->proc) could
do anything, including calling Tcl_DeleteTrace
on the Tcl_Trace held by nextPtr. If it does
that, there will be a segfault.
The technique used by command and variable traces
that involves defining additional structures
such as ActiveCommandTrace and special handling
could be adapted to solve this problem.
Logged In: YES
user_id=80530
The TIP 62 reference implementation
(Tcl Patch 562580) appears to address
this potential bug, though it's a
patch against an earlier HEAD.
Logged In: YES
user_id=80530
Can we check that TIP 62 really fixed this?
Logged In: YES
user_id=148712
It looks like it did; that logic now moved from TEOVI to
TclCheck[...]Traces in tclCmdMZ.c, a cursory look (without
deep understanding) suggests the issue is handled there.
Assigning to Vince so that he (hopefully) confirms that
all's well and closes the ticket.
Logged In: YES
user_id=32170
I agree with Miguel. It looks as if there is not a
problem. I also recall doing extensive testing of this
sort of thing (trace deletes trace, trace deletes cmd, etc),
with no adverse effects.