[Bug 3129448]: possible over-allocation on 64-bit platforms

4 files changed, 26 insertions, 21 deletions

diff --git a/ChangeLog b/ChangeLog
index 51d35b6..44eaf6e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2010-12-06  Jan Nijtmans  <nijtmans@users.sf.net>
+
+	* generic/tclBinary.c     [Bug 3129448]: possible over-allocation on 64-bit platforms
+	* generic/tclCkalloc.c
+	* generic/tclTrace.c
+
 2010-12-05  Jan Nijtmans  <nijtmans@users.sf.net>
 
 	* unix/tcl.m4:      [Patch #3116490] cross-compile support for unix
diff --git a/generic/tclBinary.c b/generic/tclBinary.c
index b40e109..6036f31 100644
--- a/generic/tclBinary.c
+++ b/generic/tclBinary.c
@@ -10,7 +10,7 @@
  * See the file "license.terms" for information on usage and redistribution of
  * this file, and for a DISCLAIMER OF ALL WARRANTIES.
  *
- * RCS: @(#) $Id: tclBinary.c,v 1.67 2010/11/19 10:17:22 nijtmans Exp $
+ * RCS: @(#) $Id: tclBinary.c,v 1.68 2010/12/06 09:01:49 nijtmans Exp $
  */
 
 #include "tclInt.h"
@@ -174,13 +174,13 @@ typedef struct ByteArray {
 				 * array. */
     int allocated;		/* The amount of space actually allocated
 				 * minus 1 byte. */
-    unsigned char bytes[4];	/* The array of bytes. The actual size of this
+    unsigned char bytes[1];	/* The array of bytes. The actual size of this
 				 * field depends on the 'allocated' field
 				 * above. */
 } ByteArray;
 
 #define BYTEARRAY_SIZE(len) \
-		((unsigned) (sizeof(ByteArray) - 4 + (len)))
+		((unsigned) (TclOffset(ByteArray, bytes) + (len)))
 #define GET_BYTEARRAY(objPtr) \
 		((ByteArray *) (objPtr)->internalRep.otherValuePtr)
 #define SET_BYTEARRAY(objPtr, baPtr) \
diff --git a/generic/tclCkalloc.c b/generic/tclCkalloc.c
index dbd999e..4314554 100644
--- a/generic/tclCkalloc.c
+++ b/generic/tclCkalloc.c
@@ -14,7 +14,7 @@
  *
  * This code contributed by Karl Lehenbauer and Mark Diekhans
  *
- * RCS: @(#) $Id: tclCkalloc.c,v 1.41 2010/12/01 10:43:36 nijtmans Exp $
+ * RCS: @(#) $Id: tclCkalloc.c,v 1.42 2010/12/06 09:01:49 nijtmans Exp $
  */
 
 #include "tclInt.h"
@@ -32,12 +32,12 @@
 typedef struct MemTag {
     int refCount;		/* Number of mem_headers referencing this
 				 * tag. */
-    char string[4];		/* Actual size of string will be as large as
+    char string[1];		/* Actual size of string will be as large as
 				 * needed for actual tag. This must be the
 				 * last field in the structure. */
 } MemTag;
 
-#define TAG_SIZE(bytesInString) ((unsigned) sizeof(MemTag) + bytesInString - 3)
+#define TAG_SIZE(bytesInString) ((unsigned) ((TclOffset(MemTag, string) + 1) + bytesInString))
 
 static MemTag *curTagPtr = NULL;/* Tag to use in all future mem_headers (set
 				 * by "memory tag" command). */
@@ -185,7 +185,7 @@ TclDumpMemoryInfo(ClientData clientData, int flags)
 	    maximum_malloc_packets,
 	    maximum_bytes_malloced);
     if (flags == 0) {
-	fprintf((FILE *)clientData, buf);
+	fprintf((FILE *)clientData, "%s", buf);
     } else {
 	/* Assume objPtr to append to */
 	Tcl_AppendToObj((Tcl_Obj *) clientData, buf, -1);
diff --git a/generic/tclTrace.c b/generic/tclTrace.c
index 2e8759e..efbfbb7 100644
--- a/generic/tclTrace.c
+++ b/generic/tclTrace.c
@@ -11,7 +11,7 @@
  * See the file "license.terms" for information on usage and redistribution of
  * this file, and for a DISCLAIMER OF ALL WARRANTIES.
  *
- * RCS: @(#) $Id: tclTrace.c,v 1.60 2010/08/22 18:53:26 nijtmans Exp $
+ * RCS: @(#) $Id: tclTrace.c,v 1.61 2010/12/06 09:01:49 nijtmans Exp $
  */
 
 #include "tclInt.h"
@@ -24,11 +24,11 @@ typedef struct {
     int flags;			/* Operations for which Tcl command is to be
 				 * invoked. */
     size_t length;		/* Number of non-NUL chars. in command. */
-    char command[4];		/* Space for Tcl command to invoke. Actual
+    char command[1];		/* Space for Tcl command to invoke. Actual
 				 * size will be as large as necessary to hold
 				 * command. This field must be the last in the
-				 * structure, so that it can be larger than 4
-				 * bytes. */
+				 * structure, so that it can be larger than 1
+				 * byte. */
 } TraceVarInfo;
 
 typedef struct {
@@ -58,11 +58,11 @@ typedef struct {
 				 * deleted too early. Keeps track of how many
 				 * pieces of code have a pointer to this
 				 * structure. */
-    char command[4];		/* Space for Tcl command to invoke. Actual
+    char command[1];		/* Space for Tcl command to invoke. Actual
 				 * size will be as large as necessary to hold
 				 * command. This field must be the last in the
-				 * structure, so that it can be larger than 4
-				 * bytes. */
+				 * structure, so that it can be larger than 1
+				 * byte. */
 } TraceCommandInfo;
 
 /*
@@ -464,9 +464,8 @@ TraceExecutionObjCmd(
 	length = (size_t) commandLength;
 	if ((enum traceOptions) optionIndex == TRACE_ADD) {
 	    TraceCommandInfo *tcmdPtr = (TraceCommandInfo *)
-		    ckalloc((unsigned) (sizeof(TraceCommandInfo)
-			    - sizeof(tcmdPtr->command) + length + 1));
-
+		    ckalloc((unsigned) ((TclOffset(TraceCommandInfo, command)
+			    + 1) + length));
 	    tcmdPtr->flags = flags;
 	    tcmdPtr->stepTrace = NULL;
 	    tcmdPtr->startLevel = 0;
@@ -701,8 +700,8 @@ TraceCommandObjCmd(
 	length = (size_t) commandLength;
 	if ((enum traceOptions) optionIndex == TRACE_ADD) {
 	    TraceCommandInfo *tcmdPtr = (TraceCommandInfo *)
-		    ckalloc((unsigned) (sizeof(TraceCommandInfo)
-			    - sizeof(tcmdPtr->command) + length + 1));
+		    ckalloc((unsigned) ((TclOffset(TraceCommandInfo, command)
+			    + 1) + length));
 
 	    tcmdPtr->flags = flags;
 	    tcmdPtr->stepTrace = NULL;
@@ -902,8 +901,8 @@ TraceVariableObjCmd(
 	length = (size_t) commandLength;
 	if ((enum traceOptions) optionIndex == TRACE_ADD) {
 	    CombinedTraceVarInfo *ctvarPtr = (CombinedTraceVarInfo *)
-		    ckalloc((unsigned) (sizeof(CombinedTraceVarInfo)
-		    + length + 1 - sizeof(ctvarPtr->traceCmdInfo.command)));
+		    ckalloc((unsigned) ((TclOffset(CombinedTraceVarInfo,
+			    traceCmdInfo.command) + 1) + length));
 
 	    ctvarPtr->traceCmdInfo.flags = flags;
 	    if (objv[0] == NULL) {