Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | closes [d051b77fc18d7340]: fixed segfault by integer overflow (if width by format like "%4000000000g" overflows to negative values by scan of length) |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | core-8-5-branch |
| Files: | files | file ages | folders |
| SHA3-256: |
16846911c798f32dbc0b93fb326bc4e2 |
| User & Date: | sebres 2018-07-26 15:57:38.333 |
Context
|
2018-07-26
| ||
| 16:46 | test cases added to cover width overflow by format (should cause limit exceeded) check-in: 3b55e9c1e1 user: sebres tags: core-8-5-branch | |
| 15:57 | closes [d051b77fc18d7340]: fixed segfault by integer overflow (if width by format like "%4000000000g... check-in: 16846911c7 user: sebres tags: core-8-5-branch | |
|
2018-07-12
| ||
| 14:17 | win: closes [3f7af0e21e13f1f5] - avoid "permissions denied" by `file delete`, if file stat (TclpObjS... check-in: 4af9ff473e user: sebres tags: core-8-5-branch | |
Changes
Changes to generic/tclStringObj.c.
| ︙ | ︙ | |||
1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 |
/*
* Step 3. Minimum field width.
*/
width = 0;
if (isdigit(UCHAR(ch))) {
width = strtoul(format, &end, 10);
format = end;
step = Tcl_UtfToUniChar(format, &ch);
} else if (ch == '*') {
if (objIndex >= objc - 1) {
msg = badIndex[gotXpg];
goto errorMsg;
}
| > > > > | 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 |
/*
* Step 3. Minimum field width.
*/
width = 0;
if (isdigit(UCHAR(ch))) {
width = strtoul(format, &end, 10);
if (width < 0) {
msg = overflow;
goto errorMsg;
}
format = end;
step = Tcl_UtfToUniChar(format, &ch);
} else if (ch == '*') {
if (objIndex >= objc - 1) {
msg = badIndex[gotXpg];
goto errorMsg;
}
|
| ︙ | ︙ |