Explanation: The crash occurs in the function Itcl_ScopedVarResolver (itcl_object.c line 1215). Every object to be resolved has a cmdproc, and its objClientData contains the further information that Itcl_ScopedVarResolver needs. However, the objCmd must be of type Itcl_HandleInstance, otherwise the objClientData could be the clientData of some other command, which could contain anything.

Solution: In Itcl_ScopedVarResolver, add an additional check, letting it fail when
cmdInfo.objProc != Itcl_HandleInstance
All tests pass with this modification.

Thomas (or anyone else), please check if this doesn't have any unexpected side effects. Could cmdInfo.objProc have any other value which is valid as well?

Regards,
Jan Nijtmans
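A self-contained C model of the check proposed in the comment above, added here as an illustration and not Itcl's or Tcl's own code. The struct types, the command table, resolve_scoped_var and the HandleInstance stand-in (for Itcl_HandleInstance) are assumptions, and the sample commands are constructed.

```c
/* Model of the guard: the types below are stand-ins, not Tcl's or Itcl's. */
#include <stdio.h>
#include <string.h>

typedef int (CmdProc)(void *clientData);

typedef struct {              /* stand-in for the Tcl_CmdInfo fields used here */
    CmdProc *objProc;
    void    *objClientData;
} CmdInfo;

typedef struct {              /* stand-in for the per-object data the resolver expects */
    const char *className;
    int         varCount;
} ObjectData;

static int HandleInstance(void *cd) { (void)cd; return 0; } /* models Itcl_HandleInstance */
static int OtherCommand(void *cd)   { (void)cd; return 0; } /* any unrelated command */

typedef struct { const char *name; CmdInfo info; } Command;

static ObjectData objData = { "Counter", 2 };
static char unrelated[] = "opaque state of another command";

static Command commands[] = {           /* constructed sample commands */
    { "counter0", { HandleInstance, &objData } },
    { "puts",     { OtherCommand,   unrelated } },
};

/* Returns 0 and sets *out on success, -1 when name is not an object instance. */
int resolve_scoped_var(const char *name, const ObjectData **out)
{
    for (size_t i = 0; i < sizeof commands / sizeof commands[0]; i++) {
        if (strcmp(commands[i].name, name) != 0) continue;
        const CmdInfo *ci = &commands[i].info;
        /* The added check: objClientData is only an ObjectData when the
         * command is dispatched by the instance handler. */
        if (ci->objProc != HandleInstance) return -1;
        *out = (const ObjectData *)ci->objClientData;
        return 0;
    }
    return -1;  /* no such command */
}

int main(void)
{
    const ObjectData *od = NULL;
    printf("counter0 -> %d\n", resolve_scoped_var("counter0", &od));
    printf("puts     -> %d\n", resolve_scoped_var("puts", &od));
    return 0;
}
```

Without the objProc comparison, the second lookup would cast the other command's opaque data to ObjectData, which is the type confusion the comment describes.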
Retested in 8.5.11 - still crashes
Proposed fix committed in branch bug-3398008.
fixed in itcl-3-branch