#2572 modifying shared object panic in tclIndexObj.c

obsolete: 8.4.5
closed-fixed
7
2004-01-13
2004-01-12
No

In 8.4.5/8.5a0 Tcl_GetIndexFromObj calls
Tcl_GetIndexFromObjStruct which may do this:

    resultPtr = Tcl_GetObjResult(interp);
    Tcl_AppendStringsToObj(resultPtr,
            (numAbbrev > 1) ? "ambiguous " : "bad ", msg, " \"",
            key, "\": must be ", STRING_AT(tablePtr,offset,0),
            (char*)NULL);

Since Tcl_GetIndexFromObj can be called from arbitrary
C code, there can be no assumption the interp result is
empty/unshared, and the above code can crash (in fact
it does crash when I use alphatk+tkdnd together).

One fix is to insert:

    if (Tcl_IsShared(resultPtr)) {
        Tcl_Obj *copy = Tcl_DuplicateObj(resultPtr);
        Tcl_DecrRefCount(resultPtr);
        Tcl_SetObjResult(interp, copy);
        resultPtr = copy;
    }

but I leave the correct fix to the maintainers.

Discussion

  • Donal K. Fellows

    • assigned_to: msofer --> dkf
     
  • Donal K. Fellows

    • status: open --> closed-fixed
     
  • Donal K. Fellows


    That's not the correct fix; the object must be fresh because
    we also have to allow for a non-empty interp result. I
    *hate* that GetObjResult/AppendStringsToObj anti-pattern!

    Fixed in HEAD and 8.4
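
The three approaches discussed in this ticket, as an added example that is not Tcl source and not code from the reporter or the maintainers: a small self-contained model of a reference-counted object and an interp result slot, comparing appending in place, copying when shared, and building a fresh message object. Every name in it (Obj, Interp, new_obj, set_result, append_str, report_*, shared_interp) is hypothetical, and the "earlier output" result is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Toy model (hypothetical names) of a refcounted Tcl_Obj and the interp result. */
typedef struct { int refCount; char str[128]; } Obj;
typedef struct { Obj *result; } Interp;
Obj *new_obj(const char *s) {            /* refCount starts at 0, as in Tcl */
    Obj *o = calloc(1, sizeof *o);
    snprintf(o->str, sizeof o->str, "%s", s);
    return o;
}
void set_result(Interp *ip, Obj *o) {    /* models Tcl_SetObjResult */
    o->refCount++;
    if (ip->result && --ip->result->refCount <= 0) free(ip->result);
    ip->result = o;
}
int append_str(Obj *o, const char *s) {  /* models Tcl_AppendStringsToObj */
    if (o->refCount > 1) return -1;      /* real Tcl panics on a shared object */
    strncat(o->str, s, sizeof o->str - strlen(o->str) - 1);
    return 0;
}
/* Pattern quoted in the report: append to whatever the result object is. */
int report_in_place(Interp *ip, const char *msg) { return append_str(ip->result, msg); }
/* Copy-if-shared: no panic, but the old result text stays in front. */
int report_copy(Interp *ip, const char *msg) {
    if (ip->result->refCount > 1) set_result(ip, new_obj(ip->result->str));
    return append_str(ip->result, msg);
}
/* Fresh object: unaffected by sharing and by a non-empty previous result. */
int report_fresh(Interp *ip, const char *msg) {
    Obj *o = new_obj("");
    int rc = append_str(o, msg);
    set_result(ip, o);
    return rc;
}
/* Constructed scenario: a non-empty result that a caller also holds. */
Interp *shared_interp(Obj **held) {
    Interp *ip = calloc(1, sizeof *ip);
    set_result(ip, new_obj("earlier output"));
    (*held = ip->result)->refCount++;
    return ip;
}
int main(void) {
    Obj *held; Interp *ip = shared_interp(&held);
    printf("in place rc=%d\n", report_in_place(ip, "bad option"));
    report_copy(ip, "bad option"); printf("copy:  %s\n", ip->result->str);
    ip = shared_interp(&held);
    report_fresh(ip, "bad option"); printf("fresh: %s\n", ip->result->str);
    return 0;
}
```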

     
