diff options
| author | Miguel Sofer <miguel.sofer@gmail.com> | 2004-09-29 19:36:34 (GMT) |
|---|---|---|
| committer | Miguel Sofer <miguel.sofer@gmail.com> | 2004-09-29 19:36:34 (GMT) |
| commit | db28fb893dc50fd54f948ec4bf06c296cb4165f2 (patch) | |
| tree | 764d635a39043219a6e221c8c71a651b9ac1c9a6 | |
| parent | c36a55ff0083738d8bd88d1ba5c164046e441f8f (diff) | |
| download | tcl-db28fb893dc50fd54f948ec4bf06c296cb4165f2.zip tcl-db28fb893dc50fd54f948ec4bf06c296cb4165f2.tar.gz tcl-db28fb893dc50fd54f948ec4bf06c296cb4165f2.tar.bz2 | |
fix for buffer overflow in [subst], [Bug 1036649]
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | generic/tclBasic.c | 12 | ||||
| -rw-r--r-- | tests/subst.test | 19 |
3 files changed, 35 insertions, 2 deletions
@@ -1,3 +1,9 @@ +2004-09-29 Miguel Sofer <msofer@users.sf.net> + + * generic/tclBasic.c (Tcl_EvalEx): + * tests/subst.test (12.1-2): fix for buffer overflow in [subst], + [Bug 1036649] + 2004-09-23 Mo DeJong <mdejong@users.sourceforge.net> * unix/dltest/Makefile.in (clean): Fixup make clean diff --git a/generic/tclBasic.c b/generic/tclBasic.c index f7116dd..8b199ce 100644 --- a/generic/tclBasic.c +++ b/generic/tclBasic.c @@ -13,7 +13,7 @@ * See the file "license.terms" for information on usage and redistribution * of this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tclBasic.c,v 1.75.2.9 2004/07/28 16:28:20 dgp Exp $ + * RCS: @(#) $Id: tclBasic.c,v 1.75.2.10 2004/09/29 19:36:36 msofer Exp $ */ #include "tclInt.h" @@ -3727,6 +3727,16 @@ Tcl_EvalEx(interp, script, numBytes, flags) return TCL_OK; } } while (bytesLeft > 0); + + if (nested) { + /* + * This nested script did not terminate in ']', it is an error. + */ + + code = TCL_ERROR; + goto error; + } + iPtr->termOffset = p - script; iPtr->varFramePtr = savedVarFramePtr; return TCL_OK; diff --git a/tests/subst.test b/tests/subst.test index 792420a..2cab058 100644 --- a/tests/subst.test +++ b/tests/subst.test @@ -11,7 +11,7 @@ # See the file "license.terms" for information on usage and redistribution # of this file, and for a DISCLAIMER OF ALL WARRANTIES. # -# RCS: @(#) $Id: subst.test,v 1.13.2.2 2003/03/12 18:04:41 dgp Exp $ +# RCS: @(#) $Id: subst.test,v 1.13.2.3 2004/09/29 19:36:37 msofer Exp $ if {[lsearch [namespace children] ::tcltest] == -1} { package require tcltest @@ -220,6 +220,23 @@ test subst-11.6 {continue in a variable subst} { subst {foo $var([continue]) bar} } {foo bar} +test subst-12.1 {nasty case, Bug 1036649} { + for {set i 0} {$i < 10} {incr i} { + set res [list [catch {subst "\[subst {};"} msg] $msg] + if {$msg ne "missing close-bracket"} break + } + set res +} {1 {missing close-bracket}} +test subst-12.2 {nasty case, Bug 1036649} { + for {set i 0} {$i < 10} {incr i} { + list [catch {subst "\[subst {}; "} msg] $msg + if {$msg ne "missing close-bracket"} break + } + set res +} {1 {missing close-bracket}} + + + # cleanup ::tcltest::cleanupTests return |