diff options
author | jan.nijtmans <nijtmans@users.sourceforge.net> | 2022-01-13 12:22:51 (GMT) |
---|---|---|
committer | jan.nijtmans <nijtmans@users.sourceforge.net> | 2022-01-13 12:22:51 (GMT) |
commit | 1bc44ec32ab03ebaec021f52129ee1fefcac7850 (patch) | |
tree | d8b18fbe1fb427edb02d3fef8f49562bf10f15b9 | |
parent | d679a49bc0da1e368daa6af07fcf72af2e3dceb4 (diff) | |
download | tcl-1bc44ec32ab03ebaec021f52129ee1fefcac7850.zip tcl-1bc44ec32ab03ebaec021f52129ee1fefcac7850.tar.gz tcl-1bc44ec32ab03ebaec021f52129ee1fefcac7850.tar.bz2 |
Fix [816913a65e]: GrowStringBuffer(): signed integer overflow. And a few similar situations in other place
-rw-r--r-- | generic/tclBinary.c | 2 | ||||
-rw-r--r-- | generic/tclCkalloc.c | 2 | ||||
-rw-r--r-- | generic/tclCompile.c | 2 | ||||
-rw-r--r-- | generic/tclObj.c | 2 | ||||
-rw-r--r-- | generic/tclProc.c | 2 | ||||
-rw-r--r-- | generic/tclStringObj.c | 6 | ||||
-rw-r--r-- | generic/tclStringRep.h | 2 |
7 files changed, 9 insertions, 9 deletions
diff --git a/generic/tclBinary.c b/generic/tclBinary.c index 0296770..6f36d54 100644 --- a/generic/tclBinary.c +++ b/generic/tclBinary.c @@ -189,7 +189,7 @@ typedef struct ByteArray { } ByteArray; #define BYTEARRAY_SIZE(len) \ - ((unsigned) (TclOffset(ByteArray, bytes) + (len))) + (((unsigned)TclOffset(ByteArray, bytes) + (len))) #define GET_BYTEARRAY(objPtr) \ ((ByteArray *) (objPtr)->internalRep.twoPtrValue.ptr1) #define SET_BYTEARRAY(objPtr, baPtr) \ diff --git a/generic/tclCkalloc.c b/generic/tclCkalloc.c index 8c83aeb..20285eb 100644 --- a/generic/tclCkalloc.c +++ b/generic/tclCkalloc.c @@ -41,7 +41,7 @@ typedef struct MemTag { * last field in the structure. */ } MemTag; -#define TAG_SIZE(bytesInString) ((unsigned) ((TclOffset(MemTag, string) + 1) + (bytesInString))) +#define TAG_SIZE(bytesInString) ((unsigned) ((TclOffset(MemTag, string) + 1U) + (bytesInString))) static MemTag *curTagPtr = NULL;/* Tag to use in all future mem_headers (set * by "memory tag" command). */ diff --git a/generic/tclCompile.c b/generic/tclCompile.c index eb2e16b..4a50089 100644 --- a/generic/tclCompile.c +++ b/generic/tclCompile.c @@ -3010,7 +3010,7 @@ TclFindCompiledLocal( if (create || (name == NULL)) { localVar = procPtr->numCompiledLocals; - localPtr = ckalloc(TclOffset(CompiledLocal, name) + nameBytes + 1); + localPtr = ckalloc(TclOffset(CompiledLocal, name) + 1U + nameBytes); if (procPtr->firstLocalPtr == NULL) { procPtr->firstLocalPtr = procPtr->lastLocalPtr = localPtr; } else { diff --git a/generic/tclObj.c b/generic/tclObj.c index 0950dcd..1fd674f 100644 --- a/generic/tclObj.c +++ b/generic/tclObj.c @@ -576,7 +576,7 @@ TclContinuationsEnter( ThreadSpecificData *tsdPtr = TclGetContLineTable(); Tcl_HashEntry *hPtr = Tcl_CreateHashEntry(tsdPtr->lineCLPtr, objPtr, &newEntry); - ContLineLoc *clLocPtr = (ContLineLoc *)ckalloc(TclOffset(ContLineLoc, loc) + (num + 1) *sizeof(int)); + ContLineLoc *clLocPtr = (ContLineLoc *)ckalloc(TclOffset(ContLineLoc, loc) + (num + 1U) *sizeof(int)); if (!newEntry) { /* diff --git a/generic/tclProc.c b/generic/tclProc.c index 7921d38..a533878 100644 --- a/generic/tclProc.c +++ b/generic/tclProc.c @@ -600,7 +600,7 @@ TclCreateProc( */ localPtr = (CompiledLocal *)ckalloc( - TclOffset(CompiledLocal, name) + fieldValues[0]->length + 1); + TclOffset(CompiledLocal, name) + 1U + fieldValues[0]->length); if (procPtr->firstLocalPtr == NULL) { procPtr->firstLocalPtr = procPtr->lastLocalPtr = localPtr; } else { diff --git a/generic/tclStringObj.c b/generic/tclStringObj.c index 75b449d..edfcb9f 100644 --- a/generic/tclStringObj.c +++ b/generic/tclStringObj.c @@ -151,7 +151,7 @@ GrowStringBuffer( if (flag == 0 || stringPtr->allocated > 0) { if (needed <= INT_MAX / 2) { attempt = 2 * needed; - ptr = (char *)attemptckrealloc(objPtr->bytes, attempt + 1); + ptr = (char *)attemptckrealloc(objPtr->bytes, attempt + 1U); } if (ptr == NULL) { /* @@ -164,7 +164,7 @@ GrowStringBuffer( int growth = (int) ((extra > limit) ? limit : extra); attempt = needed + growth; - ptr = (char *)attemptckrealloc(objPtr->bytes, attempt + 1); + ptr = (char *)attemptckrealloc(objPtr->bytes, attempt + 1U); } } if (ptr == NULL) { @@ -173,7 +173,7 @@ GrowStringBuffer( */ attempt = needed; - ptr = (char *)ckrealloc(objPtr->bytes, attempt + 1); + ptr = (char *)ckrealloc(objPtr->bytes, attempt + 1U); } objPtr->bytes = ptr; stringPtr->allocated = attempt; diff --git a/generic/tclStringRep.h b/generic/tclStringRep.h index 59e9499..c0adc10 100644 --- a/generic/tclStringRep.h +++ b/generic/tclStringRep.h @@ -67,7 +67,7 @@ typedef struct String { #define STRING_MAXCHARS \ (int)(((size_t)UINT_MAX - 1 - TclOffset(String, unicode))/sizeof(Tcl_UniChar)) #define STRING_SIZE(numChars) \ - (TclOffset(String, unicode) + (((numChars) + 1) * sizeof(Tcl_UniChar))) + (TclOffset(String, unicode) + (((numChars) + 1U) * sizeof(Tcl_UniChar))) #define stringCheckLimits(numChars) \ do { \ if ((numChars) < 0 || (numChars) > STRING_MAXCHARS) { \ |