summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordgp <dgp@users.sourceforge.net>2015-07-15 17:20:19 (GMT)
committerdgp <dgp@users.sourceforge.net>2015-07-15 17:20:19 (GMT)
commit5c85ae6be1c273dc4c2d2125a5f681a81d998b8f (patch)
tree45d0e35c8eb923f7fd4d1b53ef88e17e57a879a1
parent2c2c6779064b9b09f0ed2cd6d3fd72141bd7f1cd (diff)
parent6670acc974bc94845dc92e48f2789cbf6520f727 (diff)
downloadtcl-5c85ae6be1c273dc4c2d2125a5f681a81d998b8f.zip
tcl-5c85ae6be1c273dc4c2d2125a5f681a81d998b8f.tar.gz
tcl-5c85ae6be1c273dc4c2d2125a5f681a81d998b8f.tar.bz2
[b1534b438b] Prevent read outside buffer boundaries.
-rw-r--r--generic/tclIO.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/generic/tclIO.c b/generic/tclIO.c
index 8b2e149..aad576a 100644
--- a/generic/tclIO.c
+++ b/generic/tclIO.c
@@ -4333,7 +4333,18 @@ Write(
return -1;
}
flushed += statePtr->bufSize;
- if (saved == 0 || src[-1] != '\n') {
+
+ /*
+ * We just flushed. So if we have needNlFlush set to record
+ * that we need to flush because theres a (translated) newline
+ * in the buffer, that's likely not true any more. But there
+ * is a tricky exception. If we have saved bytes that did not
+ * really get flushed and those bytes came from a translation
+ * of a newline as the last thing taken from the src array,
+ * then needNlFlush needs to remain set to flag that the
+ * next buffer still needs a newline flush.
+ */
+ if (needNlFlush && (saved == 0 || src[-1] != '\n')) {
needNlFlush = 0;
}
}