Overview
Comment: | closes [d051b77fc18d7340]: fixed segfault by integer overflow (if width by format like "%4000000000g" overflows to negative values by scan of length) |
---|---|
SHA3-256: | 16846911c798f32dbc0b93fb326bc4e2 |
User & Date: | sebres 2018-07-26 15:57:38.333 |
Context
2018-07-26
16:46 | test cases added to cover width overflow by format (should cause limit exceeded) check-in: 3b55e9c1e1 user: sebres tags: core-8-5-branch | |
15:57 | closes [d051b77fc18d7340]: fixed segfault by integer overflow (if width by format like "%4000000000g... check-in: 16846911c7 user: sebres tags: core-8-5-branch | |
2018-07-12
14:17 | win: closes [3f7af0e21e13f1f5] - avoid "permissions denied" by `file delete`, if file stat (TclpObjS... check-in: 4af9ff473e user: sebres tags: core-8-5-branch | |
Changes
Changes to generic/tclStringObj.c.
︙ | ︙ | |||
1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 | /* * Step 3. Minimum field width. */ width = 0; if (isdigit(UCHAR(ch))) { width = strtoul(format, &end, 10); format = end; step = Tcl_UtfToUniChar(format, &ch); } else if (ch == '*') { if (objIndex >= objc - 1) { msg = badIndex[gotXpg]; goto errorMsg; } | > > > > | 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 | /* * Step 3. Minimum field width. */ width = 0; if (isdigit(UCHAR(ch))) { width = strtoul(format, &end, 10); if (width < 0) { msg = overflow; goto errorMsg; } format = end; step = Tcl_UtfToUniChar(format, &ch); } else if (ch == '*') { if (objIndex >= objc - 1) { msg = badIndex[gotXpg]; goto errorMsg; } |
︙ | ︙ |
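Review bot: the new `if (width < 0)` test placed after `width = strtoul(format, &end, 10);` in Step 3 is not a complete range check, because it only rejects values that happen to convert to a negative number. `strtoul` returns an `unsigned long`; assuming `width` is a signed `int` (as the `< 0` comparison implies), converting an out-of-range value is implementation-defined, and on platforms where `unsigned long` is wider than `int` a long digit string can truncate to a non-negative width and pass the test. Suggest reading the result into an `unsigned long` temporary, taking the `msg = overflow; goto errorMsg;` path when it exceeds `INT_MAX` (or when `errno` is `ERANGE`), and only then assigning to `width`. The declaration of `overflow` is outside the visible lines, so confirm it is in scope at this point.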