authornijtmans <nijtmans>2011-01-25 15:55:48 (GMT)
committernijtmans <nijtmans>2011-01-25 15:55:48 (GMT)
commit53b9e2937065442dd2431deb31a3dd31d0b5d81b (patch)
tree96fe18903ff9db6bec85728c33200aaca097c9bd
parent846cac3a5896e94923fee07d2004efec4f73effc (diff)
[Bug 3129448]: Possible over-allocation on 64-bit platforms, part 2:
backported the strcpy->memcpy change, but not the change to any struct.
-rw-r--r--ChangeLog6
-rw-r--r--generic/tclCkalloc.c8
-rw-r--r--generic/tclHash.c14
-rw-r--r--generic/tclProc.c34
4 files changed, 35 insertions, 27 deletions
diff --git a/ChangeLog b/ChangeLog
index 6b9032f..66eddea 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2011-01-25 Jan Nijtmans <nijtmans@users.sf.net>
+
+ * generic/tclCkalloc.c: [Bug 3129448]: Possible over-allocation on 64-bit
+ * generic/tclHash.c: platforms, part 2, backported strcpy->memcpy
+ * generic/tclProc.c change but not change in any struct.
+
2011-01-19 Alexandre Ferrieux <ferrieux@users.sourceforge.net>
* generic/tclExecute.c: Backport of Miguel's 2010-09-22 fix on 8.6
diff --git a/generic/tclCkalloc.c b/generic/tclCkalloc.c
index 27aad95..c7a9757 100644
--- a/generic/tclCkalloc.c
+++ b/generic/tclCkalloc.c
@@ -14,7 +14,7 @@
*
* This code contributed by Karl Lehenbauer and Mark Diekhans
*
- * RCS: @(#) $Id: tclCkalloc.c,v 1.32.4.3 2010/10/02 00:29:42 hobbs Exp $
+ * RCS: @(#) $Id: tclCkalloc.c,v 1.32.4.4 2011/01/25 15:55:48 nijtmans Exp $
*/
#include "tclInt.h"
@@ -824,6 +824,7 @@ MemoryCmd(
FILE *fileP;
Tcl_DString buffer;
int result;
+ size_t len;
if (argc < 2) {
Tcl_AppendResult(interp, "wrong # args: should be \"", argv[0],
@@ -919,9 +920,10 @@ MemoryCmd(
if ((curTagPtr != NULL) && (curTagPtr->refCount == 0)) {
TclpFree((char *) curTagPtr);
}
- curTagPtr = (MemTag *) TclpAlloc(TAG_SIZE(strlen(argv[2])));
+ len = strlen(argv[2]);
+ curTagPtr = (MemTag *) TclpAlloc(TAG_SIZE(len));
curTagPtr->refCount = 0;
- strcpy(curTagPtr->string, argv[2]);
+ memcpy(curTagPtr->string, argv[2], len + 1);
return TCL_OK;
}
if (strcmp(argv[1],"trace") == 0) {
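Review bot: The pointer returned by `TclpAlloc(TAG_SIZE(len))` is written through on the very next line (`curTagPtr->refCount = 0;`) with no NULL check, so if the platform allocator can fail here, the failure becomes a null-pointer write followed by a `memcpy` to a near-null address. A guard such as `if (curTagPtr == NULL) { return TCL_ERROR; }` directly after the allocation would close that, ideally after setting an error message on `interp`. The `memcpy` of `len + 1` bytes is in bounds only if `TAG_SIZE(n)` reserves room for the terminating NUL; the macro is defined outside this hunk, so a one-line comment stating that assumption next to the copy would help. `MemoryCmd` starts and ends outside the hunk.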
diff --git a/generic/tclHash.c b/generic/tclHash.c
index fa4952a..841df07 100644
--- a/generic/tclHash.c
+++ b/generic/tclHash.c
@@ -10,7 +10,7 @@
* See the file "license.terms" for information on usage and redistribution of
* this file, and for a DISCLAIMER OF ALL WARRANTIES.
*
- * RCS: @(#) $Id: tclHash.c,v 1.33.2.2 2010/12/31 17:15:16 nijtmans Exp $
+ * RCS: @(#) $Id: tclHash.c,v 1.33.2.3 2011/01/25 15:55:48 nijtmans Exp $
*/
#include "tclInt.h"
@@ -845,14 +845,14 @@ AllocStringEntry(
{
const char *string = (const char *) keyPtr;
Tcl_HashEntry *hPtr;
- unsigned int size;
+ unsigned int size, allocsize;
- size = sizeof(Tcl_HashEntry) + strlen(string) + 1 - sizeof(hPtr->key);
- if (size < sizeof(Tcl_HashEntry)) {
- size = sizeof(Tcl_HashEntry);
+ allocsize = size = strlen(string) + 1;
+ if (size < sizeof(hPtr->key)) {
+ allocsize = sizeof(hPtr->key);
}
- hPtr = (Tcl_HashEntry *) ckalloc(size);
- strcpy(hPtr->key.string, string);
+ hPtr = (Tcl_HashEntry *) ckalloc(sizeof(Tcl_HashEntry) + allocsize - sizeof(hPtr->key));
+ memcpy(hPtr->key.string, string, size);
hPtr->clientData = 0;
return hPtr;
}
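Review bot: `size` and `allocsize` are declared `unsigned int`, but `strlen(string) + 1` is a `size_t`, so on a 64-bit platform a key of 4 GiB or more is silently truncated at `allocsize = size = strlen(string) + 1;`. With this change the `memcpy` copies only the truncated `size` bytes, which keeps the write inside the allocation but can leave `hPtr->key.string` without a terminating NUL, and later string comparisons on the key would then read past the entry. Declaring them as `size_t size, allocsize;` avoids the narrowing. If `ckalloc` takes a narrower argument on this branch (its prototype is not visible here), the computed total should be range-checked before the call rather than truncated implicitly.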
diff --git a/generic/tclProc.c b/generic/tclProc.c
index 0723a1e..07bd19d 100644
--- a/generic/tclProc.c
+++ b/generic/tclProc.c
@@ -12,7 +12,7 @@
* See the file "license.terms" for information on usage and redistribution of
* this file, and for a DISCLAIMER OF ALL WARRANTIES.
*
- * RCS: @(#) $Id: tclProc.c,v 1.139.2.7 2010/08/15 16:16:07 dkf Exp $
+ * RCS: @(#) $Id: tclProc.c,v 1.139.2.8 2011/01/25 15:55:48 nijtmans Exp $
*/
#include "tclInt.h"
@@ -633,7 +633,7 @@ TclCreateProc(
} else {
localPtr->defValuePtr = NULL;
}
- strcpy(localPtr->name, fieldValues[0]);
+ memcpy(localPtr->name, fieldValues[0], nameLength + 1);
if ((i == numArgs - 1)
&& (localPtr->nameLength == 4)
&& (localPtr->name[0] == 'a')
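Review bot: The `memcpy` into `localPtr->name` relies on `nameLength` being exactly `strlen(fieldValues[0])` and on the allocation behind `localPtr` having been sized from that same value; neither the computation of `nameLength` nor the allocation is visible in this hunk. Unlike `strcpy`, a stale or mismatched length would now either drop the terminator or read past the end of the source string, so the invariant deserves a comment at the copy, e.g. `/* nameLength == strlen(fieldValues[0]); localPtr was allocated with room for nameLength+1 bytes */`, or a debug-build assertion. The same point applies to `memcpy(copy->name, localPtr->name, localPtr->nameLength + 1);` in the `ProcCompileProc` hunk, where the copy depends on `localPtr->nameLength` still matching the stored name. `TclCreateProc` continues outside the hunk.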
@@ -1083,7 +1083,7 @@ ProcWrongNumArgs(
int localCt = procPtr->numCompiledLocals, numArgs, i;
Tcl_Obj **desiredObjs;
const char *final = NULL;
-
+
/*
* Build up desired argument list for Tcl_WrongNumArgs
*/
@@ -1175,7 +1175,7 @@ TclInitCompiledLocals(
}
framePtr->localCachePtr = codePtr->localCachePtr;
framePtr->localCachePtr->refCount++;
- }
+ }
InitResolvedLocals(interp, codePtr, varPtr, nsPtr);
}
@@ -1233,12 +1233,12 @@ InitResolvedLocals(
for (; localPtr != NULL; varPtr++, localPtr = localPtr->nextPtr) {
varPtr->flags = 0;
varPtr->value.objPtr = NULL;
-
+
/*
* Now invoke the resolvers to determine the exact variables
* that should be used.
*/
-
+
resVarInfo = localPtr->resolveInfo;
if (resVarInfo && resVarInfo->fetchProc) {
Var *resolvedVarPtr = (Var *)
@@ -1259,7 +1259,7 @@ InitResolvedLocals(
* This is the first run after a recompile, or else the resolver epoch
* has changed: update the resolver cache.
*/
-
+
firstLocalPtr = localPtr;
for (; localPtr != NULL; localPtr = localPtr->nextPtr) {
if (localPtr->resolveInfo) {
@@ -1271,13 +1271,13 @@ InitResolvedLocals(
localPtr->resolveInfo = NULL;
}
localPtr->flags &= ~VAR_RESOLVED;
-
+
if (haveResolvers &&
!(localPtr->flags & (VAR_ARGUMENT|VAR_TEMPORARY))) {
ResolverScheme *resPtr = iPtr->resolverPtr;
Tcl_ResolvedVarInfo *vinfo;
int result;
-
+
if (nsPtr->compiledVarResProc) {
result = (*nsPtr->compiledVarResProc)(nsPtr->interp,
localPtr->name, localPtr->nameLength,
@@ -1316,8 +1316,8 @@ TclFreeLocalCache(
for (i = 0; i < localCachePtr->numVars; i++, namePtrPtr++) {
Tcl_Obj *objPtr = *namePtrPtr;
/*
- * Note that this can be called with interp==NULL, on interp
- * deletion. In that case, the literal table and objects go away
+ * Note that this can be called with interp==NULL, on interp
+ * deletion. In that case, the literal table and objects go away
* on their own.
*/
if (objPtr) {
@@ -1396,7 +1396,7 @@ InitArgsAndLocals(
register Var *varPtr, *defPtr;
int localCt = procPtr->numCompiledLocals, numArgs, argCt, i, imax;
Tcl_Obj *const *argObjs;
-
+
/*
* Make sure that the local cache of variable names and initial values has
* been initialised properly .
@@ -1412,7 +1412,7 @@ InitArgsAndLocals(
} else {
defPtr = NULL;
}
-
+
/*
* Create the "compiledLocals" array. Make sure it is large enough to hold
* all the procedure's compiled local variables, including its formal
@@ -1720,7 +1720,7 @@ TclObjInterpProcCore(
int l = iPtr->varFramePtr->isProcCallFrame & FRAME_IS_LAMBDA ? 1 : 0;
while (i < 10) {
- a[i] = (l < iPtr->varFramePtr->objc ?
+ a[i] = (l < iPtr->varFramePtr->objc ?
TclGetString(iPtr->varFramePtr->objv[l]) : NULL); i++; l++;
}
TCL_DTRACE_PROC_ARGS(a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7],
@@ -1729,7 +1729,7 @@ TclObjInterpProcCore(
if (TCL_DTRACE_PROC_INFO_ENABLED() && iPtr->cmdFramePtr) {
Tcl_Obj *info = TclInfoFrame(interp, iPtr->cmdFramePtr);
char *a[4]; int i[2];
-
+
TclDTraceInfo(info, a, i);
TCL_DTRACE_PROC_INFO(a[0], a[1], a[2], a[3], i[0], i[1]);
TclDecrRefCount(info);
@@ -1751,7 +1751,7 @@ TclObjInterpProcCore(
codePtr->refCount++;
if (TCL_DTRACE_PROC_ENTRY_ENABLED()) {
int l;
-
+
l = iPtr->varFramePtr->isProcCallFrame & FRAME_IS_LAMBDA ? 2 : 1;
TCL_DTRACE_PROC_ENTRY(TclGetString(procNameObj),
iPtr->varFramePtr->objc - l,
@@ -2010,7 +2010,7 @@ ProcCompileProc(
Tcl_IncrRefCount(copy->defValuePtr);
}
copy->resolveInfo = localPtr->resolveInfo;
- strcpy(copy->name, localPtr->name);
+ memcpy(copy->name, localPtr->name, localPtr->nameLength + 1);
}
/*