diff options
author | dkf <donal.k.fellows@manchester.ac.uk> | 2011-08-30 00:23:16 (GMT) |
---|---|---|
committer | dkf <donal.k.fellows@manchester.ac.uk> | 2011-08-30 00:23:16 (GMT) |
commit | b8db328a5dc663435c02e2b2a67f3d66e16602c9 (patch) | |
tree | 7190b01a6ab49b73109282aaa892db8e46c80128 | |
parent | 962035b9e88c81c37b472d73da55dbba9534756a (diff) | |
parent | c920fce750db18f523a53b78892cb2c1610f5fcc (diff) | |
download | tcl-b8db328a5dc663435c02e2b2a67f3d66e16602c9.zip tcl-b8db328a5dc663435c02e2b2a67f3d66e16602c9.tar.gz tcl-b8db328a5dc663435c02e2b2a67f3d66e16602c9.tar.bz2 |
[Bug 3398794]: Use Tcl errors in scripts, not panics.
-rw-r--r-- | ChangeLog | 92 | ||||
-rw-r--r-- | generic/tclInterp.c | 26 | ||||
-rw-r--r-- | tests/interp.test | 12 |
3 files changed, 84 insertions, 46 deletions
@@ -1,7 +1,15 @@ +2011-08-30 Donal K. Fellows <dkf@users.sf.net> + + * generic/tclInterp.c (SlaveCommandLimitCmd, SlaveTimeLimitCmd): + [Bug 3398794]: Ensure that low-level conditions in the limit API are + enforced at the script level through errors, not a Tcl_Panic. This + means that interpreters cannot read their own limits (writing already + did not work). + 2011-08-30 Reinhard Max <max@suse.de> - * unix/tclUnixSock.c (TcpWatchProc): Put back the check for server - sockets (bug #3394732). + * unix/tclUnixSock.c (TcpWatchProc): [Bug 3394732]: Put back the check + for server sockets. 2011-08-29 Don Porter <dgp@users.sourceforge.net> @@ -9,20 +17,20 @@ 2011-08-27 Don Porter <dgp@users.sourceforge.net> - * generic/tclStringObj.c: [RFE 3396731] Revise the [string reverse] + * generic/tclStringObj.c: [RFE 3396731]: Revise the [string reverse] * tests/string.test: implementation to operate on the representation that comes in, avoid conversion to other reps. 2011-08-23 Don Porter <dgp@users.sourceforge.net> - * generic/tclIORChan.c: [Bug 3396948] Leak of ReflectedChannelMap. + * generic/tclIORChan.c: [Bug 3396948]: Leak of ReflectedChannelMap. 2011-08-19 Don Porter <dgp@users.sourceforge.net> - * generic/tclIORTrans.c: [Bugs 3393279, 3393280] ReflectClose(.) is + * generic/tclIORTrans.c: [Bugs 3393279, 3393280]: ReflectClose(.) is missing Tcl_EventuallyFree() calls at some of its exits. - * generic/tclIO.c: [Bugs 3394654, 3393276] Revise FlushChannel() to + * generic/tclIO.c: [Bugs 3394654, 3393276]: Revise FlushChannel() to account for the possibility that the ChanWrite() call might recycle the buffer out from under us. @@ -31,22 +39,22 @@ 2011-08-19 Alexandre Ferrieux <ferrieux@users.sourceforge.net> - * generic/tclTest.c: [Bug 2981154] async-4.3 segfault. - * tests/async.test: [Bug 1774689] async-4.3 sometimes fails. + * generic/tclTest.c: [Bug 2981154]: async-4.3 segfault. + * tests/async.test: [Bug 1774689]: async-4.3 sometimes fails. 2011-08-18 Alexandre Ferrieux <ferrieux@users.sourceforge.net> - * generic/tclIO.c: [Bug 3096275] Sync fcopy buffers input. + * generic/tclIO.c: [Bug 3096275]: Sync fcopy buffers input. 2011-08-18 Jan Nijtmans <nijtmans@users.sf.net> - * generic/tclUniData.c: [Bug 3393714] overflow in toupper delta + * generic/tclUniData.c: [Bug 3393714]: Overflow in toupper delta * tools/uniParse.tcl * tests/utf.test 2011-08-17 Alexandre Ferrieux <ferrieux@users.sourceforge.net> - * generic/tclIO.c: [Bug 2946474] Consistently resume backgrounded + * generic/tclIO.c: [Bug 2946474]: Consistently resume backgrounded * tests/ioCmd.test: flushes+closes when exiting. 2011-08-17 Alexandre Ferrieux <ferrieux@users.sourceforge.net> @@ -55,12 +63,12 @@ 2011-08-17 Don Porter <dgp@users.sourceforge.net> - * generic/tclGet.c: [Bug 3393150] Overlooked free of intreps. + * generic/tclGet.c: [Bug 3393150]: Overlooked free of intreps. (It matters for bignums!) 2011-08-16 Don Porter <dgp@users.sourceforge.net> - * generic/tclCompile.c: [Bug 3392070] More complete prevention of + * generic/tclCompile.c: [Bug 3392070]: More complete prevention of Tcl_Obj reference cycles when producing an intrep of ByteCode. 2011-08-16 Donal K. Fellows <dkf@users.sf.net> @@ -181,7 +189,7 @@ * generic/tclIOSock.c (TclCreateSocketAddress): Don't bother using AI_ADDRCONFIG for now, as it was causing problems in various situations. - + 2011-08-04 Donal K. Fellows <dkf@users.sf.net> * generic/tclAssembly.c (AssembleOneLine, GetBooleanOperand) @@ -348,16 +356,16 @@ * unix/Makefile.in: * win/Makefile.in: * win/Makefile.vc: - Fix a bug where bignum->double conversion is "round up" and - not "round to nearest" (causing expr double(1[string repeat 0 23]) - not to be 1e+23). [Bug 3349507] + [Bug 3349507]: Fix a bug where bignum->double conversion is "round up" + and not "round to nearest" (causing expr double(1[string repeat 0 23]) + not to be 1e+23). 2011-06-28 Reinhard Max <max@suse.de> - * unix/tclUnixSock.c (CreateClientSocket): Fix and simplify - posting of the writable fileevent at the end of an asynchronous - connection attempt. Improve comments for some of the trickery - around [socket -async]. [Bug 3325339] + * unix/tclUnixSock.c (CreateClientSocket): [Bug 3325339]: Fix and + simplify posting of the writable fileevent at the end of an + asynchronous connection attempt. Improve comments for some of the + trickery around [socket -async]. * tests/socket.test: Adjust tests to the async code changes. Add more tests for corner cases of async sockets. @@ -385,12 +393,12 @@ 2011-06-21 Don Porter <dgp@users.sourceforge.net> - * generic/tclLink.c: Prevent multiple links to a single Tcl - variable when calling Tcl_LinkVar(). [Bug 3317466] + * generic/tclLink.c: [Bug 3317466]: Prevent multiple links to a + single Tcl variable when calling Tcl_LinkVar(). 2011-06-13 Don Porter <dgp@users.sourceforge.net> - * generic/tclStrToD.c: [Bug 3315098] Mem leak fix from Gustaf Neumann. + * generic/tclStrToD.c: [Bug 3315098]: Mem leak fix from Gustaf Neumann. 2011-06-08 Andreas Kupries <andreask@activestate.com> @@ -746,10 +754,10 @@ 2011-04-04 Don Porter <dgp@users.sourceforge.net> - * README: Updated README files, repairing broken URLs and - * macosx/README: removing other bits that were clearly wrong. + * README: [Bug 3202030]: Updated README files, repairing broken + * macosx/README:URLs and removing other bits that were clearly wrong. * unix/README: Still could use more eyeballs on the detailed build - * win/README: advice on various plaforms. [Bug 3202030] + * win/README: advice on various plaforms. 2011-04-04 Donal K. Fellows <dkf@users.sf.net> @@ -973,10 +981,10 @@ 2011-03-09 Don Porter <dgp@users.sourceforge.net> - * generic/tclNamesp.c: Tighten the detector of nested [namespace code] - * tests/namespace.test: quoting that the quoted scripts function - properly even in a namespace that contains a custom "namespace" - command. [Bug 3202171] + * generic/tclNamesp.c: [Bug 3202171]: Tighten the detector of nested + * tests/namespace.test: [namespace code] quoting that the quoted + scripts function properly even in a namespace that contains a custom + "namespace" command. * doc/tclvars.n: Formatting fix. Thanks to Pat Thotys. @@ -999,8 +1007,8 @@ * generic/tclInt.h: Remove TclMarkList() routine, an experimental * generic/tclUtil.c: dead-end from the 8.5 alpha days. - * generic/tclResult.c (ResetObjResult): Correct failure to clear - invalid intrep. Thanks to Colin McDonald. [Bug 3202905] + * generic/tclResult.c (ResetObjResult): [Bug 3202905]: Correct failure + to clear invalid intrep. Thanks to Colin McDonald. 2011-03-08 Donal K. Fellows <dkf@users.sf.net> @@ -1015,13 +1023,13 @@ * generic/tclParse.c: * generic/tclUtil.c: - * generic/tclUtil.c (TclFindElement): Guard escape sequence scans - to not overrun the string end. [Bug 3192636] + * generic/tclUtil.c (TclFindElement): [Bug 3192636]: Guard escape + sequence scans to not overrun the string end. 2011-03-05 Don Porter <dgp@users.sourceforge.net> - * generic/tclParse.c (TclParseBackslash): Correct trunction checks in - * tests/parse.test: \x and \u substitutions. [Bug 3200987] + * generic/tclParse.c (TclParseBackslash): [Bug 3200987]: Correct + * tests/parse.test: trunction checks in \x and \u substitutions. 2011-03-05 Miguel Sofer <msofer@users.sf.net> @@ -1094,17 +1102,17 @@ * generic/tclStubInit.c: * win/makefile.vc: - * generic/tclExecute.c (ExprObjCallback): fix object leak + * generic/tclExecute.c (ExprObjCallback): Fix object leak - * generic/tclExecute.c (TEBCresume): store local var array and + * generic/tclExecute.c (TEBCresume): Store local var array and constants in automatic vars to reduce indirection, slight perf increase - * generic/tclOOCall.c (TclOODeleteContext): added missing '*' so + * generic/tclOOCall.c (TclOODeleteContext): Added missing '*' so that trunk compiles. - * generic/tclBasic.c (TclNRRunCallbacks): don't do the trampoline - dance for commands that do not have an nreProc, [Patch 3168229] + * generic/tclBasic.c (TclNRRunCallbacks): [Patch 3168229]: Don't do + the trampoline dance for commands that do not have an nreProc. 2011-03-01 Donal K. Fellows <dkf@users.sf.net> diff --git a/generic/tclInterp.c b/generic/tclInterp.c index a156a57..5b6d14f 100644 --- a/generic/tclInterp.c +++ b/generic/tclInterp.c @@ -4345,6 +4345,19 @@ SlaveCommandLimitCmd( ScriptLimitCallback *limitCBPtr; Tcl_HashEntry *hPtr; + /* + * First, ensure that we are not reading or writing the calling + * interpreter's limits; it may only manipulate its children. Note that + * the low level API enforces this with Tcl_Panic, which we want to + * avoid. [Bug 3398794] + */ + + if (interp == slaveInterp) { + Tcl_AppendResult(interp, + "limits on current interpreter inaccessible", NULL); + return TCL_ERROR; + } + if (objc == consumedObjc) { Tcl_Obj *dictPtr; @@ -4519,6 +4532,19 @@ SlaveTimeLimitCmd( ScriptLimitCallback *limitCBPtr; Tcl_HashEntry *hPtr; + /* + * First, ensure that we are not reading or writing the calling + * interpreter's limits; it may only manipulate its children. Note that + * the low level API enforces this with Tcl_Panic, which we want to + * avoid. [Bug 3398794] + */ + + if (interp == slaveInterp) { + Tcl_AppendResult(interp, + "limits on current interpreter inaccessible", NULL); + return TCL_ERROR; + } + if (objc == consumedObjc) { Tcl_Obj *dictPtr; diff --git a/tests/interp.test b/tests/interp.test index 35f6824..c146355 100644 --- a/tests/interp.test +++ b/tests/interp.test @@ -584,7 +584,6 @@ test interp-14.10 {testing interp-alias: error messages} -setup { invoked from within "a 1"} - # part 15: testing file sharing test interp-15.1 {testing file sharing} { catch {interp delete z} @@ -665,8 +664,7 @@ test interp-15.8 {testing file transferring} -body { # Torture tests for interpreter deletion order # proc kill {} {interp delete xxx} - -test interp-15.9 {testing deletion order} { +test interp-16.0 {testing deletion order} { catch {interp delete xxx} interp create xxx xxx alias kill kill @@ -3497,6 +3495,13 @@ test interp-35.22 {interp time limits normalize milliseconds} -body { } -cleanup { interp delete $i } -result {2 500} +# Bug 3398794 +test interp-35.23 {interp command limits can't touch current interp} -body { + interp limit {} commands -value 10 +} -returnCodes error -result {limits on current interpreter inaccessible} +test interp-35.24 {interp time limits can't touch current interp} -body { + interp limit {} time -seconds 2 +} -returnCodes error -result {limits on current interpreter inaccessible} test interp-36.1 {interp bgerror syntax} -body { interp bgerror @@ -3610,7 +3615,6 @@ test interp-38.8 {interp debug basic setup} -body { } -returnCodes { error } -result {wrong # args: should be "interp debug path ?-frame ?bool??"} - # cleanup unset -nocomplain hidden_cmds |