On 3/16/2020 4:09 AM, Christopher Chavez wrote:
To partially answer my own question:
there are some compile-time techniques to try like -DPURIFY
https://wiki.tcl-lang.org/page/How+to+debug+memory+faults+in+Tcl+and+extensions
After build from upstream sources (Tcl/Tk core-8-6-branch and
TkTable 2.11 -- no Debian/Ubuntu Tcl/Tk packages) with -DPURIFY,
the error is revealed to be a double free. The addresses involved
correspond to strings allocated for environment variable(s)
set by Tktable (tkTableInitScript.h).
A simpler program without Tk or Tktable reveals the same issue:
use Tcl;
my $i = new Tcl;
$i->Init;
$i->Eval('set env(FOO) bar');
Command line output:
free(): double free detected in tcache 2
Aborted (core dumped)
Valgrind output:
==13666== Invalid free() / delete / delete[] / realloc()
==13666== at 0x48369AB: free (vg_replace_malloc.c:530)
==13666== by 0x162304: perl_destruct (in /usr/bin/perl)
==13666== by 0x13C3DB: main (in /usr/bin/perl)
==13666== Address 0x5229a20 is 0 bytes inside a block of size 8 free'd
==13666== at 0x48369AB: free (vg_replace_malloc.c:530)
==13666== by 0x543EE86: TclpFree (tclAlloc.c:722)
==13666== by 0x5517935: TclFinalizeEnvironment (tclEnv.c:768)
==13666== by 0x5519268: Tcl_Finalize (tclEvent.c:1151)
==13666== by 0x485123D: XS_Tcl__Finalize (Tcl.xs:1449)
==13666== by 0x1F4360: Perl_pp_entersub (in /usr/bin/perl)
==13666== by 0x1EA685: Perl_runops_standard (in /usr/bin/perl)
==13666== by 0x15DF61: Perl_call_sv (in /usr/bin/perl)
==13666== by 0x160AC3: Perl_call_list (in /usr/bin/perl)
==13666== by 0x16235E: perl_destruct (in /usr/bin/perl)
==13666== by 0x13C3DB: main (in /usr/bin/perl)
==13666== Block was alloc'd at
==13666== at 0x4837D7B: realloc (vg_replace_malloc.c:826)
==13666== by 0x543EEAA: TclpRealloc (tclAlloc.c:747)
==13666== by 0x5456E8D: Tcl_Realloc (tclCkalloc.c:1147)
==13666== by 0x55172A9: TclSetEnv (tclEnv.c:317)
==13666== by 0x5517688: EnvTraceProc (tclEnv.c:636)
==13666== by 0x55A0B69: TclCallVarTraces (tclTrace.c:2678)
==13666== by 0x55A0860: TclObjCallVarTraces (tclTrace.c:2564)
==13666== by 0x55AAFDB: TclPtrSetVarIdx (tclVar.c:2001)
==13666== by 0x55AA957: Tcl_ObjSetVar2 (tclVar.c:1770)
==13666== by 0x55AA609: Tcl_SetObjCmd (tclVar.c:1529)
==13666== by 0x544A42A: Dispatch (tclBasic.c:4456)
==13666== by 0x544A4B0: TclNRRunCallbacks (tclBasic.c:4492)
==13666== by 0x5449D83: Tcl_EvalObjv (tclBasic.c:4215)
==13666== by 0x544C1AB: TclEvalEx (tclBasic.c:5361)
==13666== by 0x544B571: Tcl_EvalEx (tclBasic.c:5026)
==13666== by 0x48525A8: XS_Tcl_Eval (Tcl.xs:1097)
==13666== by 0x1F4360: Perl_pp_entersub (in /usr/bin/perl)
==13666== by 0x1EA685: Perl_runops_standard (in /usr/bin/perl)
==13666== by 0x166116: perl_run (in /usr/bin/perl)
==13666== by 0x13C401: main (in /usr/bin/perl)
==13666==
==13666== Invalid free() / delete / delete[] / realloc()
==13666== at 0x48369AB: free (vg_replace_malloc.c:530)
==13666== by 0x162322: perl_destruct (in /usr/bin/perl)
==13666== by 0x13C3DB: main (in /usr/bin/perl)
==13666== Address 0x5229810 is 0 bytes inside a block of size 376 free'd
==13666== at 0x48369AB: free (vg_replace_malloc.c:530)
==13666== by 0x543EE86: TclpFree (tclAlloc.c:722)
==13666== by 0x5517983: TclFinalizeEnvironment (tclEnv.c:776)
==13666== by 0x5519268: Tcl_Finalize (tclEvent.c:1151)
==13666== by 0x485123D: XS_Tcl__Finalize (Tcl.xs:1449)
==13666== by 0x1F4360: Perl_pp_entersub (in /usr/bin/perl)
==13666== by 0x1EA685: Perl_runops_standard (in /usr/bin/perl)
==13666== by 0x15DF61: Perl_call_sv (in /usr/bin/perl)
==13666== by 0x160AC3: Perl_call_list (in /usr/bin/perl)
==13666== by 0x16235E: perl_destruct (in /usr/bin/perl)
==13666== by 0x13C3DB: main (in /usr/bin/perl)
==13666== Block was alloc'd at
==13666== at 0x483577F: malloc (vg_replace_malloc.c:299)
==13666== by 0x543EE6C: TclpAlloc (tclAlloc.c:699)
==13666== by 0x5456D99: Tcl_Alloc (tclCkalloc.c:1059)
==13666== by 0x5517074: TclSetEnv (tclEnv.c:263)
==13666== by 0x5517688: EnvTraceProc (tclEnv.c:636)
==13666== by 0x55A0B69: TclCallVarTraces (tclTrace.c:2678)
==13666== by 0x55A0860: TclObjCallVarTraces (tclTrace.c:2564)
==13666== by 0x55AAFDB: TclPtrSetVarIdx (tclVar.c:2001)
==13666== by 0x55AA957: Tcl_ObjSetVar2 (tclVar.c:1770)
==13666== by 0x55AA609: Tcl_SetObjCmd (tclVar.c:1529)
==13666== by 0x544A42A: Dispatch (tclBasic.c:4456)
==13666== by 0x544A4B0: TclNRRunCallbacks (tclBasic.c:4492)
==13666== by 0x5449D83: Tcl_EvalObjv (tclBasic.c:4215)
==13666== by 0x544C1AB: TclEvalEx (tclBasic.c:5361)
==13666== by 0x544B571: Tcl_EvalEx (tclBasic.c:5026)
==13666== by 0x48525A8: XS_Tcl_Eval (Tcl.xs:1097)
==13666== by 0x1F4360: Perl_pp_entersub (in /usr/bin/perl)
==13666== by 0x1EA685: Perl_runops_standard (in /usr/bin/perl)
==13666== by 0x166116: perl_run (in /usr/bin/perl)
==13666== by 0x13C401: main (in /usr/bin/perl)
(Note that I built Tcl/Tk with threads, since that is how Debian/Ubuntu
Tcl/Tk are built; not yet sure if that affects this issue. Using system
Perl vs self-compiled Perl should not be a factor, since Travis CI uses
Perlbrew whereas I've used the system Perl.)
Christopher A. Chavez
