diff options
author | hobbs <hobbs> | 2003-05-10 23:55:07 (GMT) |
---|---|---|
committer | hobbs <hobbs> | 2003-05-10 23:55:07 (GMT) |
commit | ca7a5fa3513866dc5af04d659b7a2303c6191088 (patch) | |
tree | a9a7f8487469dcb5fa1c8352d12d7744f414f05b | |
parent | a1a89f3a0b9f77e6761a98f7abb6fd2a18bdaed4 (diff) | |
download | tcl-ca7a5fa3513866dc5af04d659b7a2303c6191088.zip tcl-ca7a5fa3513866dc5af04d659b7a2303c6191088.tar.gz tcl-ca7a5fa3513866dc5af04d659b7a2303c6191088.tar.bz2 |
* generic/tclCmdMZ.c (Tcl_StringObjCmd): prevent string repeat
crash when overflow sizes were given (throws error). [Bug #714106]
-rw-r--r-- | ChangeLog | 39 | ||||
-rw-r--r-- | generic/tclCmdMZ.c | 11 |
2 files changed, 32 insertions, 18 deletions
@@ -1,3 +1,8 @@ +2003-05-10 Jeff Hobbs <jeffh@ActiveState.com> + + * generic/tclCmdMZ.c (Tcl_StringObjCmd): prevent string repeat + crash when overflow sizes were given (throws error). [Bug #714106] + 2003-05-09 Joe Mistachkin <joe@mistachkin.com> * generic/tclThreadAlloc.c (TclFreeAllocCache): Fixed memory leak @@ -184,10 +189,10 @@ test guarding Tcl_AddObjErrorInfo to take this into account. [Bug reported by Don Porter; no bug-id.] -2003-04-07 Don Porter <dgp@users.sourceforge.net> +2003-04-07 Don Porter <dgp@users.sourceforge.net> - * generic/tclCompCmds.c (TclCompileIfCmd): Corrected string limits of - arguments interpolated in error messages. [Bug 711371] + * generic/tclCompCmds.c (TclCompileIfCmd): Corrected string limits of + arguments interpolated in error messages. [Bug 711371] * generic/tclCmdMZ.c (TraceExecutionProc): Added missing Tcl_DiscardResult() call to avoid memory leak. @@ -210,11 +215,11 @@ -ltclstub85 instead of -ltclstub85s when configured with --disable-shared. -2003-04-01 Don Porter <dgp@users.sourceforge.net> +2003-04-01 Don Porter <dgp@users.sourceforge.net> - * tests/README: Direct [source] of *.test files is no longer - recommended. The tests/*.test files should only be evaluated under - the control of the [runAllTests] command in tests/all.tcl. + * tests/README: Direct [source] of *.test files is no longer + recommended. The tests/*.test files should only be evaluated under + the control of the [runAllTests] command in tests/all.tcl. 2003-03-27 Miguel Sofer <msofer@users.sf.net> @@ -240,22 +245,22 @@ * tests/format.test: * tests/foreach.test: -2003-03-26 Don Porter <dgp@users.sourceforge.net> +2003-03-26 Don Porter <dgp@users.sourceforge.net> * doc/tcltest.n: - * library/tcltest/tcltest.tcl: Added reporting during + * library/tcltest/tcltest.tcl: Added reporting during [configure -debug 1] operations to warn about multiple uses of the same test name. [FR 576693] Replaced [regexp] and [regsub] with [string map] where possible. Thanks to David Welton. [Bugs 667456,667558] - * library/tcltest/pkgIndex.tcl: Bumped to tcltest 2.2.3 + * library/tcltest/pkgIndex.tcl: Bumped to tcltest 2.2.3 * tests/msgcat.test (msgcat-2.2.1): changed test name to avoid duplication. [Bug 710356] - * unix/dltest/pkg?.c: Changed all Tcl_InitStubs calls to pass - argument exact = 0, so that rebuilds are not required when Tcl - bumps to a new version. [Bug 701926] + * unix/dltest/pkg?.c: Changed all Tcl_InitStubs calls to pass + argument exact = 0, so that rebuilds are not required when Tcl + bumps to a new version. [Bug 701926] 2003-03-24 Miguel Sofer <msofer@users.sf.net> @@ -373,11 +378,11 @@ * win/makefile.vc: Added two missing uses of $(DBGX) so that tclpip8x.dll loads without panicking on Win9x. - -2003-03-08 Don Porter <dgp@users.sourceforge.net> - * doc/tcltest.n: Added missing "-body" to example. Thanks to - Helmut Giese. [Bug 700011] +2003-03-08 Don Porter <dgp@users.sourceforge.net> + + * doc/tcltest.n: Added missing "-body" to example. Thanks to + Helmut Giese. [Bug 700011] 2003-03-06 Don Porter <dgp@users.sourceforge.net> diff --git a/generic/tclCmdMZ.c b/generic/tclCmdMZ.c index 8c4a951..5a1751e 100644 --- a/generic/tclCmdMZ.c +++ b/generic/tclCmdMZ.c @@ -14,7 +14,7 @@ * See the file "license.terms" for information on usage and redistribution * of this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tclCmdMZ.c,v 1.82.2.3 2003/04/11 20:49:53 dgp Exp $ + * RCS: @(#) $Id: tclCmdMZ.c,v 1.82.2.4 2003/05/10 23:55:08 hobbs Exp $ */ #include "tclInt.h" @@ -2104,8 +2104,17 @@ Tcl_StringObjCmd(dummy, interp, objc, objv) * Only build up a string that has data. Instead of * building it up with repeated appends, we just allocate * the necessary space once and copy the string value in. + * Check for overflow with back-division. [Bug #714106] */ length2 = length1 * count; + if ((length2 / count) != length1) { + char buf[TCL_INTEGER_SPACE+1]; + sprintf(buf, "%d", INT_MAX); + Tcl_AppendStringsToObj(resultPtr, + "string size overflow, must be less than ", + buf, (char *) NULL); + return TCL_ERROR; + } /* * Include space for the NULL */ |