diff options
author | dgp <dgp@users.sourceforge.net> | 2012-02-07 20:28:56 (GMT) |
---|---|---|
committer | dgp <dgp@users.sourceforge.net> | 2012-02-07 20:28:56 (GMT) |
commit | ff9b3b8ec7d147ac0092284c95bc1c804a9bb207 (patch) | |
tree | b66343be0bb27304574c528bdfd5ffeff6712a31 | |
parent | 5894df49560c27bd2e8a613912674b7f6392ae84 (diff) | |
download | tcl-ff9b3b8ec7d147ac0092284c95bc1c804a9bb207.zip tcl-ff9b3b8ec7d147ac0092284c95bc1c804a9bb207.tar.gz tcl-ff9b3b8ec7d147ac0092284c95bc1c804a9bb207.tar.bz2 |
3484402 Correct Off-By-One error appending unicode. Thanks to Poor Yorick.bug_3484402
Also converted some memcpy() to memmove() to reliably handle overlapping
copies, and corrected test for when growth is needed.
-rw-r--r-- | generic/tclStringObj.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/generic/tclStringObj.c b/generic/tclStringObj.c index b5b3674..e8aee4b 100644 --- a/generic/tclStringObj.c +++ b/generic/tclStringObj.c @@ -1308,7 +1308,7 @@ AppendUnicodeToUnicodeRep(objPtr, unicode, appendNumChars) numChars = stringPtr->numChars + appendNumChars; stringCheckLimits(numChars); - if (STRING_UALLOC(numChars) >= stringPtr->uallocated) { + if (STRING_UALLOC(numChars) > stringPtr->uallocated) { /* * Protect against case where unicode points into the existing * stringPtr->unicode array. Force it to follow any relocations @@ -1316,7 +1316,7 @@ AppendUnicodeToUnicodeRep(objPtr, unicode, appendNumChars) */ int offset = -1; if (unicode >= stringPtr->unicode && unicode <= stringPtr->unicode - + 1 + stringPtr->uallocated / sizeof(Tcl_UniChar)) { + + stringPtr->uallocated / sizeof(Tcl_UniChar)) { offset = unicode - stringPtr->unicode; } @@ -1334,7 +1334,7 @@ AppendUnicodeToUnicodeRep(objPtr, unicode, appendNumChars) * trailing null. */ - memcpy((VOID*) (stringPtr->unicode + stringPtr->numChars), unicode, + memmove((VOID*) (stringPtr->unicode + stringPtr->numChars), unicode, appendNumChars * sizeof(Tcl_UniChar)); stringPtr->unicode[numChars] = 0; stringPtr->numChars = numChars; @@ -1514,7 +1514,7 @@ AppendUtfToUtfRep(objPtr, bytes, numBytes) stringPtr->numChars = -1; stringPtr->hasUnicode = 0; - memcpy((VOID *) (objPtr->bytes + oldLength), (VOID *) bytes, + memmove((VOID *) (objPtr->bytes + oldLength), (VOID *) bytes, (size_t) numBytes); objPtr->bytes[newLength] = 0; objPtr->length = newLength; |