authordkf <donal.k.fellows@manchester.ac.uk>2007-10-30 10:27:33 (GMT)
committerdkf <donal.k.fellows@manchester.ac.uk>2007-10-30 10:27:33 (GMT)
commit36ea3f27001c99cbc7cb3cae6894efaffe7fb512 (patch)
treea39e92094fa8fa6c997baa1e9d37be96a31bd97d
parent004324cca99a52563cd03e1b7f98b924a3db8d5f (diff)
Backport of fix for first part of [Bug 1810264]
-rw-r--r--ChangeLog5
-rw-r--r--generic/regc_lex.c2
2 files changed, 6 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 5d44f33..117f812 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2007-10-30 Donal K. Fellows <donal.k.fellows@man.ac.uk>
+
+ * generic/regc_lex.c (lexescape): Ensure that backreference numbers
+ can't overflow a signed int in a way that breaks things. [Bug 1810264]
+
2007-10-15 Miguel Sofer <msofer@users.sf.net>
* generic/tclParse.c (Tcl_ParseBraces): fix for possible read
diff --git a/generic/regc_lex.c b/generic/regc_lex.c
index 1acc3f4..588718d 100644
--- a/generic/regc_lex.c
+++ b/generic/regc_lex.c
@@ -783,7 +783,7 @@ struct vars *v;
if (ISERR())
FAILW(REG_EESCAPE);
/* ugly heuristic (first test is "exactly 1 digit?") */
- if (v->now - save == 0 || (int)c <= v->nsubexp) {
+ if (v->now-save == 0 || ((int)c > 0 && (int)c <= v->nsubexp)) {
NOTE(REG_UBACKREF);
RETV(BACKREF, (chr)c);
}
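Review bot: The new `(int)c > 0` test on the changed line only rejects zero and values that come out negative after the cast; a digit run long enough to wrap while `c` is being accumulated (that code is above the hunk, so this is inferred) could still land inside `1..v->nsubexp` and be returned as a back-reference to a different group than the one written. Converting an out-of-range value to `int` is also implementation-defined, so the bound is better enforced on the unconverted value or at accumulation time, for example by failing with `REG_EESCAPE` once the number exceeds a fixed limit. The first disjunct still returns `BACKREF` for any single digit without comparing it to `v->nsubexp`, so the consumer of the token has to range-check it; if it does, say so next to the "ugly heuristic" remark, e.g. `/* single digit: always a backref, range-checked by the parser; longer runs only if 0 < c <= nsubexp */`. The enclosing function starts and ends outside the hunk.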