I have an application that often panics (TclStackFree: incorrect freePtr. Call out of sequence?) when using the tcllib smtp package to send an e-mail message. Unfortunately, even after I identified the Tcl issue, I wasn't able to use that information to produce a test case that didn't contain any private data. I could trap the arguments to the "subst" call that was failing, but when run in isolation, the problem never appeared. In fact, removing even completely unrelated procedures and commands from the script would cause the failure to go away.
Since I could make it happen reliably, I was able to find out what was wrong. I had assumed some memory was getting trashed somewhere, but it actually just looks like an issue with a code path that is really hard to get to. Basically TclStackRealloc usually just ends up returning its input pointer, but if you can get it to return something else the old one is still in the sequence. When I debugged it, I saw that the "move" input to GrowEvaluationStack was getting repurposed (and set to zero) in my case, and that was causing the only code I could see that was adjusting the pointer sequences to get skipped. So I added a separate variable for the other usage and it seems to be working for me. Please take a look at this and suggest something else if this patch would cause other problems.