summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordgp <dgp@users.sourceforge.net>2012-02-07 20:28:56 (GMT)
committerdgp <dgp@users.sourceforge.net>2012-02-07 20:28:56 (GMT)
commitff9b3b8ec7d147ac0092284c95bc1c804a9bb207 (patch)
treeb66343be0bb27304574c528bdfd5ffeff6712a31
parent5894df49560c27bd2e8a613912674b7f6392ae84 (diff)
downloadtcl-ff9b3b8ec7d147ac0092284c95bc1c804a9bb207.zip
tcl-ff9b3b8ec7d147ac0092284c95bc1c804a9bb207.tar.gz
tcl-ff9b3b8ec7d147ac0092284c95bc1c804a9bb207.tar.bz2
3484402 Correct Off-By-One error appending unicode. Thanks to Poor Yorick.bug_3484402
Also converted some memcpy() to memmove() to reliably handle overlapping copies, and corrected test for when growth is needed.
-rw-r--r--generic/tclStringObj.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/generic/tclStringObj.c b/generic/tclStringObj.c
index b5b3674..e8aee4b 100644
--- a/generic/tclStringObj.c
+++ b/generic/tclStringObj.c
@@ -1308,7 +1308,7 @@ AppendUnicodeToUnicodeRep(objPtr, unicode, appendNumChars)
numChars = stringPtr->numChars + appendNumChars;
stringCheckLimits(numChars);
- if (STRING_UALLOC(numChars) >= stringPtr->uallocated) {
+ if (STRING_UALLOC(numChars) > stringPtr->uallocated) {
/*
* Protect against case where unicode points into the existing
* stringPtr->unicode array. Force it to follow any relocations
@@ -1316,7 +1316,7 @@ AppendUnicodeToUnicodeRep(objPtr, unicode, appendNumChars)
*/
int offset = -1;
if (unicode >= stringPtr->unicode && unicode <= stringPtr->unicode
- + 1 + stringPtr->uallocated / sizeof(Tcl_UniChar)) {
+ + stringPtr->uallocated / sizeof(Tcl_UniChar)) {
offset = unicode - stringPtr->unicode;
}
@@ -1334,7 +1334,7 @@ AppendUnicodeToUnicodeRep(objPtr, unicode, appendNumChars)
* trailing null.
*/
- memcpy((VOID*) (stringPtr->unicode + stringPtr->numChars), unicode,
+ memmove((VOID*) (stringPtr->unicode + stringPtr->numChars), unicode,
appendNumChars * sizeof(Tcl_UniChar));
stringPtr->unicode[numChars] = 0;
stringPtr->numChars = numChars;
@@ -1514,7 +1514,7 @@ AppendUtfToUtfRep(objPtr, bytes, numBytes)
stringPtr->numChars = -1;
stringPtr->hasUnicode = 0;
- memcpy((VOID *) (objPtr->bytes + oldLength), (VOID *) bytes,
+ memmove((VOID *) (objPtr->bytes + oldLength), (VOID *) bytes,
(size_t) numBytes);
objPtr->bytes[newLength] = 0;
objPtr->length = newLength;