summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsebres <sebres@users.sourceforge.net>2025-07-18 17:20:51 (GMT)
committersebres <sebres@users.sourceforge.net>2025-07-18 17:20:51 (GMT)
commit6f2c08cfba0904f3bbd9f983e04381b4e86fccee (patch)
tree25454a19a0638e5ecc4246e58c9365bc8eac6088
parentd465d9bc0440d7750e83f0695f56572d38a324d6 (diff)
downloadtcl-6f2c08cfba0904f3bbd9f983e04381b4e86fccee.zip
tcl-6f2c08cfba0904f3bbd9f983e04381b4e86fccee.tar.gz
tcl-6f2c08cfba0904f3bbd9f983e04381b4e86fccee.tar.bz2
fixes [61c01e0edb08a9ed] (TclpMatchInDirectory, windows only), increment ref-count to avoid use-after-free for interim normalized path object, what may cause crash (SF/BO), usage of wrong path, etc.
Diffstat
-rw-r--r--win/tclWinFile.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/win/tclWinFile.c b/win/tclWinFile.c
index d3c2e68..6ddb9d0 100644
--- a/win/tclWinFile.c
+++ b/win/tclWinFile.c
@@ -961,6 +961,7 @@ TclpMatchInDirectory(
if (fileNamePtr == NULL) {
return TCL_ERROR;
}
+ Tcl_IncrRefCount(fileNamePtr); /* ensure it'd be alive, while used. */
/*
* Verify that the specified path exists and is actually a directory.
@@ -968,11 +969,13 @@ TclpMatchInDirectory(
native = Tcl_FSGetNativePath(pathPtr);
if (native == NULL) {
+ Tcl_DecrRefCount(fileNamePtr);
return TCL_OK;
}
attr = (*tclWinProcs->getFileAttributesProc)(native);
if ((attr == 0xffffffff) || ((attr & FILE_ATTRIBUTE_DIRECTORY) == 0)) {
+ Tcl_DecrRefCount(fileNamePtr);
return TCL_OK;
}
@@ -990,6 +993,7 @@ TclpMatchInDirectory(
Tcl_DStringAppend(&dsOrig, "/", 1);
dirLength++;
}
+ Tcl_DecrRefCount(fileNamePtr);
dirName = Tcl_DStringValue(&dsOrig);
/*
generated by cgit v0.12 at 2025-12-07 23:10:06 (GMT)