Bug 49406 - tcl crashes because of object corrupted by call to "gets"
Summary: tcl crashes because of object corrupted by call to "gets"
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: tcltk   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Jens Petersen
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2001-07-19 06:23 UTC by Jonathan Kamens
Modified: 2007-04-18 16:34 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-07-19 20:44:23 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch to fix tcl crash (870 bytes, patch)
2001-07-19 06:23 UTC, Jonathan Kamens
no flags Details | Diff

Description Jonathan Kamens 2001-07-19 06:23:08 UTC
Please see
-- I filed this bug with the TCL maintainers too.  Here's what I told them:

                   The function Tcl_GetsObjCmd in tclIOCmd.c can corrupt a 
                   freed object if it is called with objc == 3. This is 
                   because it retrieves resultPtr and does not increment 
                   its reference count, but then calls Tcl_ObjSetVar2, 
                   which causes the retrieved resultPtr object to be 
                   released. I will attach a patch, which I hope is 
                   correct (if not, please E-mail me and let me know why, 
                   so I can understand all of this better; I barely 
                   understand it).

I'll attach the same patch I sent to them.

Comment 1 Jonathan Kamens 2001-07-19 06:23:26 UTC
Created attachment 24087 [details]
patch to fix tcl crash

Comment 2 Eido Inoue 2001-07-24 04:44:55 UTC
I've looked at the patch and it indeed seems to fix and obvious logic problem.
I'll watch the comp.lang.tcl and sourceforge to see the progress of this patch.

I'm putting it in the next public beta because the fix seems to make sense.

Note You need to log in before you can comment on or make changes to this bug.