authordgp <dgp@users.sourceforge.net>2015-07-15 17:17:03 (GMT)
committerdgp <dgp@users.sourceforge.net>2015-07-15 17:17:03 (GMT)
commit6670acc974bc94845dc92e48f2789cbf6520f727 (patch)
treebdd5b030a8c3d9c9137d34305e481061777e7048
parent91de92f0234579b1caf796f6f8b3ebce2099a8da (diff)
[b1534b438b] Prevent read outside buffer boundaries.
-rw-r--r--generic/tclIO.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/generic/tclIO.c b/generic/tclIO.c
index 1b0d0ab..564df27 100644
--- a/generic/tclIO.c
+++ b/generic/tclIO.c
@@ -3899,7 +3899,18 @@ Write(
return -1;
}
flushed += statePtr->bufSize;
- if (saved == 0 || src[-1] != '\n') {
+
+ /*
+ * We just flushed. So if we have needNlFlush set to record
+ * that we need to flush because theres a (translated) newline
+ * in the buffer, that's likely not true any more. But there
+ * is a tricky exception. If we have saved bytes that did not
+ * really get flushed and those bytes came from a translation
+ * of a newline as the last thing taken from the src array,
+ * then needNlFlush needs to remain set to flag that the
+ * next buffer still needs a newline flush.
+ */
+ if (needNlFlush && (saved == 0 || src[-1] != '\n')) {
needNlFlush = 0;
}
}
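Review bot: The out-of-bounds protection in `if (needNlFlush && (saved == 0 || src[-1] != '\n'))` rests on an invariant the new comment never states: that needNlFlush is nonzero only after at least one byte has been consumed from src in this call, so `src[-1]` still lies inside the caller's buffer. That is presumably true given how the flag is set elsewhere in Write(), whose body starts and ends outside this hunk, but it cannot be confirmed from the lines shown. I would add a closing sentence to the comment, such as `* Testing needNlFlush first also keeps src[-1] in bounds, since the flag is only set once a newline has been read from src.`, so that a later change to where the flag is set does not silently reopen the read before the start of the buffer. If the flag can ever be nonzero before src has advanced (not visible here), an explicit comparison of src against the start of the source buffer would be the safer guard.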