authordgp <dgp@users.sourceforge.net>2015-06-03 12:26:38 (GMT)
committerdgp <dgp@users.sourceforge.net>2015-06-03 12:26:38 (GMT)
commit0c2604871db8e162533e9729c9e5201334510785 (patch)
tree9107484dfcc509b829cbfc5bfccd0b339702ebe8
parent32461a99d3dc5741caf2f1c282ca57fe06220b79 (diff)
[268b23df11] When GetSrcInfoForPc() returns NULL, make sure it also sets
the length to a non-positive value so nothing tries to read offsets from a NULL pointer.
-rw-r--r--generic/tclExecute.c14
-rw-r--r--tests/execute.test14
2 files changed, 20 insertions, 8 deletions
diff --git a/generic/tclExecute.c b/generic/tclExecute.c
index 43c2b08..5957951 100644
--- a/generic/tclExecute.c
+++ b/generic/tclExecute.c
@@ -9995,10 +9995,8 @@ GetSrcInfoForPc(
int bestSrcLength = -1; /* Initialized to avoid compiler warning. */
int bestCmdIdx = -1;
- if ((pcOffset < 0) || (pcOffset >= codePtr->numCodeBytes)) {
- if (pcBeg != NULL) *pcBeg = NULL;
- return NULL;
- }
+ /* The pc must point within the bytecode */
+ assert ((pcOffset >= 0) && (pcOffset < codePtr->numCodeBytes));
/*
* Decode the code and source offset and length for each command. The
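Review bot: The `assert` that replaces the range check on `pcOffset` compiles to nothing when the file is built with `NDEBUG`, so such a build reaches the decode loop with no guard at all. Whether that loop tolerates an offset outside `[0, numCodeBytes)` is not visible here, because the body of GetSrcInfoForPc continues outside the hunk. If any caller can pass a pc that is not inside this bytecode, keep a runtime fallback after the assert. Unlike the removed check, it should also set the length and command index to -1, which is the contract the commit message describes. If every caller does guarantee the range, saying so in the comment above the assert would be enough.

```c
    /* The pc must point within the bytecode */
    assert ((pcOffset >= 0) && (pcOffset < codePtr->numCodeBytes));
    if ((pcOffset < 0) || (pcOffset >= codePtr->numCodeBytes)) {
	/* Reached only when assert() is compiled out: fail closed. */
	if (pcBeg != NULL) *pcBeg = NULL;
	if (lengthPtr != NULL) *lengthPtr = -1;
	if (cmdIdxPtr != NULL) *cmdIdxPtr = -1;
	return NULL;
    }
    /* ... unchanged: decode loop over the command location table ... */
```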
@@ -10083,10 +10081,6 @@ GetSrcInfoForPc(
*pcBeg = prev;
}
- if (bestDist == INT_MAX) {
- return NULL;
- }
-
if (lengthPtr != NULL) {
*lengthPtr = bestSrcLength;
}
@@ -10095,6 +10089,10 @@ GetSrcInfoForPc(
*cmdIdxPtr = bestCmdIdx;
}
+ if (bestDist == INT_MAX) {
+ return NULL;
+ }
+
return (codePtr->source + bestSrcOffset);
}
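Review bot: The comment on `bestSrcLength` is now stale, because the -1 initialisers of `bestSrcLength` and `bestCmdIdx` have become part of the function's contract. With the `bestDist == INT_MAX` return moved below the out-parameter stores, they are the values written to `*lengthPtr` and `*cmdIdxPtr` when no command matches. The declaration in the first hunk still reads `/* Initialized to avoid compiler warning. */`, which invites a later cleanup that would break the NULL-return guarantee. I would change it to something like `/* -1 is what *lengthPtr receives when no command covers the pc. */`. The header comment of GetSrcInfoForPc starts outside the hunk and should also state that a NULL result comes with a non-positive length.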
diff --git a/tests/execute.test b/tests/execute.test
index 94af158..aaf4bc0 100644
--- a/tests/execute.test
+++ b/tests/execute.test
@@ -1043,6 +1043,20 @@ test execute-11.1 {Bug 3142026: GrowEvaluationStack off-by-one} -setup {
} -cleanup {
interp delete slave
} -result ok
+
+test execute-11.2 {Bug 268b23df11} -setup {
+ proc zero {} {return 0}
+ proc crash {} {expr {abs([zero])}}
+ proc noop args {}
+ trace add execution crash enterstep noop
+} -body {
+ crash
+} -cleanup {
+ trace remove execution crash enterstep noop
+ rename noop {}
+ rename crash {}
+ rename zero {}
+} -result 0
# cleanup
if {[info commands testobj] != {}} {