3475667 Prevent buffer read overflow. Thanks to "sebres" for the report and fix.

author: dgp <dgp@users.sourceforge.net> 2012-01-19 20:46:04 (GMT)
committer: dgp <dgp@users.sourceforge.net> 2012-01-19 20:46:04 (GMT)
commit: 868168e18953894ec72ea898ff4d2f518283184e (patch)
tree: 403c372c2579d691321cae91bd0a08637333017c
parent: bbed95eccee9f7f5940bf4465a16ec6e6efbb84a (diff)
download: tcl-868168e18953894ec72ea898ff4d2f518283184e.zip
tcl-868168e18953894ec72ea898ff4d2f518283184e.tar.gz
tcl-868168e18953894ec72ea898ff4d2f518283184e.tar.bz2
2 files changed, 7 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 6340499..2c6e34a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,9 @@
-2011-01-17  Don Porter  <dgp@users.sourceforge.net>
+2012-01-19  Don Porter  <dgp@users.sourceforge.net>
+
+	* generic/tclCmdMZ.c:	[Bug 3475667] Prevent buffer read overflow.
+	Thanks to "sebres" for the report and fix.
+
+2012-01-17  Don Porter  <dgp@users.sourceforge.net>
 
 	* library/http/http.tcl:	Bump to 2.5.6.
 	* library/http/pkgIndex.tcl:
diff --git a/generic/tclCmdMZ.c b/generic/tclCmdMZ.c
index ccf3bc6..27e4055 100644
--- a/generic/tclCmdMZ.c
+++ b/generic/tclCmdMZ.c
@@ -378,7 +378,7 @@ Tcl_RegexpObjCmd(dummy, interp, objc, objv)
     while (1) {
 	match = Tcl_RegExpExecObj(interp, regExpr, objPtr,
 		offset /* offset */, numMatchesSaved, eflags 
-		| ((offset > 0 &&
+		| ((offset > 0 && offset < stringLength &&
 		   (Tcl_GetUniChar(objPtr,offset-1) != (Tcl_UniChar)'\n'))
 		   ? TCL_REG_NOTBOL : 0));
author	dgp <dgp@users.sourceforge.net>	2012-01-19 20:46:04 (GMT)
committer	dgp <dgp@users.sourceforge.net>	2012-01-19 20:46:04 (GMT)
commit	868168e18953894ec72ea898ff4d2f518283184e (patch)
tree	403c372c2579d691321cae91bd0a08637333017c
parent	bbed95eccee9f7f5940bf4465a16ec6e6efbb84a (diff)
download	tcl-868168e18953894ec72ea898ff4d2f518283184e.zip tcl-868168e18953894ec72ea898ff4d2f518283184e.tar.gz tcl-868168e18953894ec72ea898ff4d2f518283184e.tar.bz2