summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordkf <donal.k.fellows@manchester.ac.uk>2005-08-25 22:27:08 (GMT)
committerdkf <donal.k.fellows@manchester.ac.uk>2005-08-25 22:27:08 (GMT)
commitd9a0eba67b5c86ae91a6dfa013879646fc6d3e8f (patch)
tree6dadbf8064bff88d2cd10de52f4ee2b10d55d42f
parentb80a4cf9a7f8276fabaf13a2c74ea777ed30031a (diff)
downloadtcl-d9a0eba67b5c86ae91a6dfa013879646fc6d3e8f.zip
tcl-d9a0eba67b5c86ae91a6dfa013879646fc6d3e8f.tar.gz
tcl-d9a0eba67b5c86ae91a6dfa013879646fc6d3e8f.tar.bz2
Backport of fix for [Bug 1267380]
-rw-r--r--ChangeLog6
-rw-r--r--generic/tclListObj.c8
2 files changed, 13 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index d311abd..5ed5e36 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2005-08-25 Donal K. Fellows <donal.k.fellows@man.ac.uk>
+
+ * generic/tclListObj.c (UpdateStringOfList): Stop uncontrolled and
+ unsafe crashes from happening when working with very large string
+ representations. [Bug 1267380]
+
2005-08-17 Jeff Hobbs <jeffh@ActiveState.com>
* generic/tclFCmd.c (TclFileMakeDirsCmd): fix to race condition in
diff --git a/generic/tclListObj.c b/generic/tclListObj.c
index 446a67e..bdc2bc0 100644
--- a/generic/tclListObj.c
+++ b/generic/tclListObj.c
@@ -11,7 +11,7 @@
* See the file "license.terms" for information on usage and redistribution
* of this file, and for a DISCLAIMER OF ALL WARRANTIES.
*
- * RCS: @(#) $Id: tclListObj.c,v 1.13.4.1 2004/11/11 01:18:07 das Exp $
+ * RCS: @(#) $Id: tclListObj.c,v 1.13.4.2 2005/08/25 22:27:08 dkf Exp $
*/
#include "tclInt.h"
@@ -1623,6 +1623,12 @@ UpdateStringOfList(listPtr)
elem = Tcl_GetStringFromObj(listRepPtr->elements[i], &length);
listPtr->length += Tcl_ScanCountedElement(elem, length,
&flagPtr[i]) + 1;
+ /*
+ * Check for continued sanity. [Bug 1267380]
+ */
+ if (listPtr->length < 1) {
+ Tcl_Panic("string representation size exceeds sane bounds");
+ }
}
/*