From: miguel sofer on
stsoe wrote:
> Hi all,
>
> I am using tcl8.5.6 and have run into an issue when my extension is
> calling Tcl_InvalidateStringRep with a shared Tcl_Obj that happens to
> be stored in Tcl's literal table. When Tcl later looks up in the
> literal table for an object that matches the string rep of the earlier
> invalidated object, it can happen that it reaches the object that was
> earlier processed by Tcl_InvalidateStringRep. This object correctly
> has bytes==0x0 but the length was not reset and remains the original
> length, hence matches the length of the requested string literal. A
> crash occurs when TclCreateLiteral then deferences the null bytes ptr.
>
> Shouldn't Tcl_InvalidateStringRep remove the objPtr from the literal
> table if it is there? Or at the very least set the length to 0 at the
> same time it deletes and nulls the bytes ptr ?

Remove from the literal table: no. Depending on which literal table you
mean, this may even be disastrous: bytecodes index into this table.

Set the length to 0: not really, irrelevant. There are Tcl_Objs with 0
length anyway (the empty string), so length==0 is not a good signal for
'invalid string rep'. That is signalled by bytes==NULL.

The REAL question is: why are you invalidating the string rep of a
shared object?

The literal code assumes that this is never done: it doesn't make a lot
of sense (or else we're missing something). Remember EIAS and the COW
principle: a shared object is read-only, and any changes (shimmering?)
that you do to it have to preserve the string rep (which carries the
real identity of the object).

Miguel

EIAS: Everything Is A String
COW : Copy On Write