authorhobbs <hobbs>2003-05-10 23:54:36 (GMT)
committerhobbs <hobbs>2003-05-10 23:54:36 (GMT)
commitb701f31c2069ea5779f8e6b5c4f1ffc870f61b5d (patch)
treecd126df644cf9164f94cf00050e2ddf55774b5e9
parent2267785cb5db5ff4ff3bc5b9b3dc9cf4f309731f (diff)
* generic/tclCmdMZ.c (Tcl_StringObjCmd): prevent string repeat
crash when overflow sizes were given (throws error). [Bug #714106]
-rw-r--r--ChangeLog5
-rw-r--r--generic/tclCmdMZ.c11
2 files changed, 15 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 55e2edc..270646e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2003-05-10 Jeff Hobbs <jeffh@ActiveState.com>
+
+ * generic/tclCmdMZ.c (Tcl_StringObjCmd): prevent string repeat
+ crash when overflow sizes were given (throws error). [Bug #714106]
+
2003-05-09 Joe Mistachkin <joe@mistachkin.com>
* generic/tclThreadAlloc.c (TclFreeAllocCache): Fixed memory leak
diff --git a/generic/tclCmdMZ.c b/generic/tclCmdMZ.c
index 0716793..6a2915f 100644
--- a/generic/tclCmdMZ.c
+++ b/generic/tclCmdMZ.c
@@ -14,7 +14,7 @@
* See the file "license.terms" for information on usage and redistribution
* of this file, and for a DISCLAIMER OF ALL WARRANTIES.
*
- * RCS: @(#) $Id: tclCmdMZ.c,v 1.89 2003/05/09 13:08:19 dkf Exp $
+ * RCS: @(#) $Id: tclCmdMZ.c,v 1.90 2003/05/10 23:54:37 hobbs Exp $
*/
#include "tclInt.h"
@@ -2180,8 +2180,17 @@ Tcl_StringObjCmd(dummy, interp, objc, objv)
* Only build up a string that has data. Instead of
* building it up with repeated appends, we just allocate
* the necessary space once and copy the string value in.
+ * Check for overflow with back-division. [Bug #714106]
*/
length2 = length1 * count;
+ if ((length2 / count) != length1) {
+ char buf[TCL_INTEGER_SPACE+1];
+ sprintf(buf, "%d", INT_MAX);
+ Tcl_AppendStringsToObj(resultPtr,
+ "string size overflow, must be less than ",
+ buf, (char *) NULL);
+ return TCL_ERROR;
+ }
/*
* Include space for the NULL
*/
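Review bot: The back-division test `if ((length2 / count) != length1)` only runs after `length2 = length1 * count` has been evaluated. If these are signed `int` (the `%d`/`INT_MAX` message suggests so, but the declarations are outside the hunk), the overflowing multiply is undefined behaviour and an optimizing compiler may drop the check. Testing before the multiply avoids that: `if (length1 > (INT_MAX - 1) / count) {` with `length2 = length1 * count;` moved after the error branch. The `- 1` also leaves room for the terminator that the following "Include space for the NULL" step appears to add, a case the current check misses when the product is exactly `INT_MAX`. This relies on `count` being positive here, which the part of `Tcl_StringObjCmd` outside the hunk would have to guarantee.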