From 8556b1aba054954e5f7f386dc1833ca08fdb5e9f Mon Sep 17 00:00:00 2001
From: andreask
Date: Wed, 20 Apr 2011 17:51:02 +0000
Subject: (TclFileAttrsCmd): Added commands to reset the typePtr of the Tcl_Obj* whose int-rep was just purged. Required to prevent a dangling IndexRep* to reused, smashing the heap. See also the entries at 2011-04-16 and 2011-03-24 for the history of the problem. Note also bug 2857044. This is the original report and fix of such issues for HEAD.
---
 ChangeLog | 8 ++++++++
 generic/tclFCmd.c | 2 ++
 2 files changed, 10 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index ddb6690..b2a324d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2011-04-20 Andreas Kupries
+
+ * generic/tclFCmd.c (TclFileAttrsCmd): Added commands to reset the
+ typePtr of the Tcl_Obj* whose int-rep was just purged. Required to
+ prevent a dangling IndexRep* to reused, smashing the heap. See
+ also the entries at 2011-04-16 and 2011-03-24 for the history of
+ the problem.
+
 2011-04-19 Don Porter * generic/tclConfig.c: Reduce internals access in the implementation
diff --git a/generic/tclFCmd.c b/generic/tclFCmd.c
index 5850846..2b4977b 100644
--- a/generic/tclFCmd.c
+++ b/generic/tclFCmd.c
@@ -1074,6 +1074,7 @@ TclFileAttrsCmd(
 }
 if (didAlloc) {
 TclFreeIntRep(objv[0]);
+ objv[0]->typePtr = NULL;
 }
 if (Tcl_FSFileAttrsGet(interp, index, filePtr, &objPtr) != TCL_OK) {
@@ -1101,6 +1102,7 @@ TclFileAttrsCmd(
 }
 if (didAlloc) {
 TclFreeIntRep(objv[i]);
+ objv[i]->typePtr = NULL;
 }
 if (i + 1 == objc) {
 Tcl_AppendResult(interp, "value for \"",
--
cgit v0.12
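Review bot: Both added `typePtr = NULL;` assignments (after `TclFreeIntRep(objv[0])` in the hunk at -1074 and after `TclFreeIntRep(objv[i])` in the hunk at -1101) carry no comment, so they read as redundant and could be dropped in a later cleanup, bringing back the dangling IndexRep* the commit message describes. I would put a comment above each, e.g. `/* Clear typePtr: the index rep was just freed and must not be reused (heap corruption, bug 2857044). */`. Because the free and the reset have to stay paired by hand at both sites, it may be worth checking whether other `TclFreeIntRep` callers need the same reset, or moving the pair into one helper; that cannot be judged from these hunks. TclFileAttrsCmd's body starts and ends outside both hunks, so what sets `didAlloc` is not visible here.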