summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordkf <donal.k.fellows@manchester.ac.uk>2011-08-30 00:23:16 (GMT)
committerdkf <donal.k.fellows@manchester.ac.uk>2011-08-30 00:23:16 (GMT)
commitb8db328a5dc663435c02e2b2a67f3d66e16602c9 (patch)
tree7190b01a6ab49b73109282aaa892db8e46c80128
parent962035b9e88c81c37b472d73da55dbba9534756a (diff)
parentc920fce750db18f523a53b78892cb2c1610f5fcc (diff)
downloadtcl-b8db328a5dc663435c02e2b2a67f3d66e16602c9.zip
tcl-b8db328a5dc663435c02e2b2a67f3d66e16602c9.tar.gz
tcl-b8db328a5dc663435c02e2b2a67f3d66e16602c9.tar.bz2
[Bug 3398794]: Use Tcl errors in scripts, not panics.
-rw-r--r--ChangeLog92
-rw-r--r--generic/tclInterp.c26
-rw-r--r--tests/interp.test12
3 files changed, 84 insertions, 46 deletions
diff --git a/ChangeLog b/ChangeLog
index 05f864a..746955a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,15 @@
+2011-08-30 Donal K. Fellows <dkf@users.sf.net>
+
+ * generic/tclInterp.c (SlaveCommandLimitCmd, SlaveTimeLimitCmd):
+ [Bug 3398794]: Ensure that low-level conditions in the limit API are
+ enforced at the script level through errors, not a Tcl_Panic. This
+ means that interpreters cannot read their own limits (writing already
+ did not work).
+
2011-08-30 Reinhard Max <max@suse.de>
- * unix/tclUnixSock.c (TcpWatchProc): Put back the check for server
- sockets (bug #3394732).
+ * unix/tclUnixSock.c (TcpWatchProc): [Bug 3394732]: Put back the check
+ for server sockets.
2011-08-29 Don Porter <dgp@users.sourceforge.net>
@@ -9,20 +17,20 @@
2011-08-27 Don Porter <dgp@users.sourceforge.net>
- * generic/tclStringObj.c: [RFE 3396731] Revise the [string reverse]
+ * generic/tclStringObj.c: [RFE 3396731]: Revise the [string reverse]
* tests/string.test: implementation to operate on the representation
that comes in, avoid conversion to other reps.
2011-08-23 Don Porter <dgp@users.sourceforge.net>
- * generic/tclIORChan.c: [Bug 3396948] Leak of ReflectedChannelMap.
+ * generic/tclIORChan.c: [Bug 3396948]: Leak of ReflectedChannelMap.
2011-08-19 Don Porter <dgp@users.sourceforge.net>
- * generic/tclIORTrans.c: [Bugs 3393279, 3393280] ReflectClose(.) is
+ * generic/tclIORTrans.c: [Bugs 3393279, 3393280]: ReflectClose(.) is
missing Tcl_EventuallyFree() calls at some of its exits.
- * generic/tclIO.c: [Bugs 3394654, 3393276] Revise FlushChannel() to
+ * generic/tclIO.c: [Bugs 3394654, 3393276]: Revise FlushChannel() to
account for the possibility that the ChanWrite() call might recycle
the buffer out from under us.
@@ -31,22 +39,22 @@
2011-08-19 Alexandre Ferrieux <ferrieux@users.sourceforge.net>
- * generic/tclTest.c: [Bug 2981154] async-4.3 segfault.
- * tests/async.test: [Bug 1774689] async-4.3 sometimes fails.
+ * generic/tclTest.c: [Bug 2981154]: async-4.3 segfault.
+ * tests/async.test: [Bug 1774689]: async-4.3 sometimes fails.
2011-08-18 Alexandre Ferrieux <ferrieux@users.sourceforge.net>
- * generic/tclIO.c: [Bug 3096275] Sync fcopy buffers input.
+ * generic/tclIO.c: [Bug 3096275]: Sync fcopy buffers input.
2011-08-18 Jan Nijtmans <nijtmans@users.sf.net>
- * generic/tclUniData.c: [Bug 3393714] overflow in toupper delta
+ * generic/tclUniData.c: [Bug 3393714]: Overflow in toupper delta
* tools/uniParse.tcl
* tests/utf.test
2011-08-17 Alexandre Ferrieux <ferrieux@users.sourceforge.net>
- * generic/tclIO.c: [Bug 2946474] Consistently resume backgrounded
+ * generic/tclIO.c: [Bug 2946474]: Consistently resume backgrounded
* tests/ioCmd.test: flushes+closes when exiting.
2011-08-17 Alexandre Ferrieux <ferrieux@users.sourceforge.net>
@@ -55,12 +63,12 @@
2011-08-17 Don Porter <dgp@users.sourceforge.net>
- * generic/tclGet.c: [Bug 3393150] Overlooked free of intreps.
+ * generic/tclGet.c: [Bug 3393150]: Overlooked free of intreps.
(It matters for bignums!)
2011-08-16 Don Porter <dgp@users.sourceforge.net>
- * generic/tclCompile.c: [Bug 3392070] More complete prevention of
+ * generic/tclCompile.c: [Bug 3392070]: More complete prevention of
Tcl_Obj reference cycles when producing an intrep of ByteCode.
2011-08-16 Donal K. Fellows <dkf@users.sf.net>
@@ -181,7 +189,7 @@
* generic/tclIOSock.c (TclCreateSocketAddress): Don't bother using
AI_ADDRCONFIG for now, as it was causing problems in various
situations.
-
+
2011-08-04 Donal K. Fellows <dkf@users.sf.net>
* generic/tclAssembly.c (AssembleOneLine, GetBooleanOperand)
@@ -348,16 +356,16 @@
* unix/Makefile.in:
* win/Makefile.in:
* win/Makefile.vc:
- Fix a bug where bignum->double conversion is "round up" and
- not "round to nearest" (causing expr double(1[string repeat 0 23])
- not to be 1e+23). [Bug 3349507]
+ [Bug 3349507]: Fix a bug where bignum->double conversion is "round up"
+ and not "round to nearest" (causing expr double(1[string repeat 0 23])
+ not to be 1e+23).
2011-06-28 Reinhard Max <max@suse.de>
- * unix/tclUnixSock.c (CreateClientSocket): Fix and simplify
- posting of the writable fileevent at the end of an asynchronous
- connection attempt. Improve comments for some of the trickery
- around [socket -async]. [Bug 3325339]
+ * unix/tclUnixSock.c (CreateClientSocket): [Bug 3325339]: Fix and
+ simplify posting of the writable fileevent at the end of an
+ asynchronous connection attempt. Improve comments for some of the
+ trickery around [socket -async].
* tests/socket.test: Adjust tests to the async code changes. Add
more tests for corner cases of async sockets.
@@ -385,12 +393,12 @@
2011-06-21 Don Porter <dgp@users.sourceforge.net>
- * generic/tclLink.c: Prevent multiple links to a single Tcl
- variable when calling Tcl_LinkVar(). [Bug 3317466]
+ * generic/tclLink.c: [Bug 3317466]: Prevent multiple links to a
+ single Tcl variable when calling Tcl_LinkVar().
2011-06-13 Don Porter <dgp@users.sourceforge.net>
- * generic/tclStrToD.c: [Bug 3315098] Mem leak fix from Gustaf Neumann.
+ * generic/tclStrToD.c: [Bug 3315098]: Mem leak fix from Gustaf Neumann.
2011-06-08 Andreas Kupries <andreask@activestate.com>
@@ -746,10 +754,10 @@
2011-04-04 Don Porter <dgp@users.sourceforge.net>
- * README: Updated README files, repairing broken URLs and
- * macosx/README: removing other bits that were clearly wrong.
+ * README: [Bug 3202030]: Updated README files, repairing broken
+ * macosx/README:URLs and removing other bits that were clearly wrong.
* unix/README: Still could use more eyeballs on the detailed build
- * win/README: advice on various plaforms. [Bug 3202030]
+ * win/README: advice on various plaforms.
2011-04-04 Donal K. Fellows <dkf@users.sf.net>
@@ -973,10 +981,10 @@
2011-03-09 Don Porter <dgp@users.sourceforge.net>
- * generic/tclNamesp.c: Tighten the detector of nested [namespace code]
- * tests/namespace.test: quoting that the quoted scripts function
- properly even in a namespace that contains a custom "namespace"
- command. [Bug 3202171]
+ * generic/tclNamesp.c: [Bug 3202171]: Tighten the detector of nested
+ * tests/namespace.test: [namespace code] quoting that the quoted
+ scripts function properly even in a namespace that contains a custom
+ "namespace" command.
* doc/tclvars.n: Formatting fix. Thanks to Pat Thotys.
@@ -999,8 +1007,8 @@
* generic/tclInt.h: Remove TclMarkList() routine, an experimental
* generic/tclUtil.c: dead-end from the 8.5 alpha days.
- * generic/tclResult.c (ResetObjResult): Correct failure to clear
- invalid intrep. Thanks to Colin McDonald. [Bug 3202905]
+ * generic/tclResult.c (ResetObjResult): [Bug 3202905]: Correct failure
+ to clear invalid intrep. Thanks to Colin McDonald.
2011-03-08 Donal K. Fellows <dkf@users.sf.net>
@@ -1015,13 +1023,13 @@
* generic/tclParse.c:
* generic/tclUtil.c:
- * generic/tclUtil.c (TclFindElement): Guard escape sequence scans
- to not overrun the string end. [Bug 3192636]
+ * generic/tclUtil.c (TclFindElement): [Bug 3192636]: Guard escape
+ sequence scans to not overrun the string end.
2011-03-05 Don Porter <dgp@users.sourceforge.net>
- * generic/tclParse.c (TclParseBackslash): Correct trunction checks in
- * tests/parse.test: \x and \u substitutions. [Bug 3200987]
+ * generic/tclParse.c (TclParseBackslash): [Bug 3200987]: Correct
+ * tests/parse.test: trunction checks in \x and \u substitutions.
2011-03-05 Miguel Sofer <msofer@users.sf.net>
@@ -1094,17 +1102,17 @@
* generic/tclStubInit.c:
* win/makefile.vc:
- * generic/tclExecute.c (ExprObjCallback): fix object leak
+ * generic/tclExecute.c (ExprObjCallback): Fix object leak
- * generic/tclExecute.c (TEBCresume): store local var array and
+ * generic/tclExecute.c (TEBCresume): Store local var array and
constants in automatic vars to reduce indirection, slight perf
increase
- * generic/tclOOCall.c (TclOODeleteContext): added missing '*' so
+ * generic/tclOOCall.c (TclOODeleteContext): Added missing '*' so
that trunk compiles.
- * generic/tclBasic.c (TclNRRunCallbacks): don't do the trampoline
- dance for commands that do not have an nreProc, [Patch 3168229]
+ * generic/tclBasic.c (TclNRRunCallbacks): [Patch 3168229]: Don't do
+ the trampoline dance for commands that do not have an nreProc.
2011-03-01 Donal K. Fellows <dkf@users.sf.net>
diff --git a/generic/tclInterp.c b/generic/tclInterp.c
index a156a57..5b6d14f 100644
--- a/generic/tclInterp.c
+++ b/generic/tclInterp.c
@@ -4345,6 +4345,19 @@ SlaveCommandLimitCmd(
ScriptLimitCallback *limitCBPtr;
Tcl_HashEntry *hPtr;
+ /*
+ * First, ensure that we are not reading or writing the calling
+ * interpreter's limits; it may only manipulate its children. Note that
+ * the low level API enforces this with Tcl_Panic, which we want to
+ * avoid. [Bug 3398794]
+ */
+
+ if (interp == slaveInterp) {
+ Tcl_AppendResult(interp,
+ "limits on current interpreter inaccessible", NULL);
+ return TCL_ERROR;
+ }
+
if (objc == consumedObjc) {
Tcl_Obj *dictPtr;
@@ -4519,6 +4532,19 @@ SlaveTimeLimitCmd(
ScriptLimitCallback *limitCBPtr;
Tcl_HashEntry *hPtr;
+ /*
+ * First, ensure that we are not reading or writing the calling
+ * interpreter's limits; it may only manipulate its children. Note that
+ * the low level API enforces this with Tcl_Panic, which we want to
+ * avoid. [Bug 3398794]
+ */
+
+ if (interp == slaveInterp) {
+ Tcl_AppendResult(interp,
+ "limits on current interpreter inaccessible", NULL);
+ return TCL_ERROR;
+ }
+
if (objc == consumedObjc) {
Tcl_Obj *dictPtr;
diff --git a/tests/interp.test b/tests/interp.test
index 35f6824..c146355 100644
--- a/tests/interp.test
+++ b/tests/interp.test
@@ -584,7 +584,6 @@ test interp-14.10 {testing interp-alias: error messages} -setup {
invoked from within
"a 1"}
-
# part 15: testing file sharing
test interp-15.1 {testing file sharing} {
catch {interp delete z}
@@ -665,8 +664,7 @@ test interp-15.8 {testing file transferring} -body {
# Torture tests for interpreter deletion order
#
proc kill {} {interp delete xxx}
-
-test interp-15.9 {testing deletion order} {
+test interp-16.0 {testing deletion order} {
catch {interp delete xxx}
interp create xxx
xxx alias kill kill
@@ -3497,6 +3495,13 @@ test interp-35.22 {interp time limits normalize milliseconds} -body {
} -cleanup {
interp delete $i
} -result {2 500}
+# Bug 3398794
+test interp-35.23 {interp command limits can't touch current interp} -body {
+ interp limit {} commands -value 10
+} -returnCodes error -result {limits on current interpreter inaccessible}
+test interp-35.24 {interp time limits can't touch current interp} -body {
+ interp limit {} time -seconds 2
+} -returnCodes error -result {limits on current interpreter inaccessible}
test interp-36.1 {interp bgerror syntax} -body {
interp bgerror
@@ -3610,7 +3615,6 @@ test interp-38.8 {interp debug basic setup} -body {
} -returnCodes {
error
} -result {wrong # args: should be "interp debug path ?-frame ?bool??"}
-
# cleanup
unset -nocomplain hidden_cmds