Prevent buffer read overflow. Thanks to "sebres" for the report and fix

author: jan.nijtmans <nijtmans@users.sourceforge.net> 2012-01-21 08:20:04 (GMT)
committer: jan.nijtmans <nijtmans@users.sourceforge.net> 2012-01-21 08:20:04 (GMT)
commit: 575c4b7e017b102778b8be9e2f6211cfeaff731e (patch)
tree: 2be3b592243d10acc926c65afe7f7d61e9974000
parent: bf96173904e2e0d289576e5e1ba2f1dfb1b90194 (diff)
parent: 1fee70e19851cf0cd15e831a21a558dc898045d7 (diff)
download: tcl-575c4b7e017b102778b8be9e2f6211cfeaff731e.zip
tcl-575c4b7e017b102778b8be9e2f6211cfeaff731e.tar.gz
tcl-575c4b7e017b102778b8be9e2f6211cfeaff731e.tar.bz2
2 files changed, 6 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 458bb51..0af50d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-01-19  Don Porter  <dgp@users.sourceforge.net>
+
+	* generic/tclCmdMZ.c:	[Bug 3475667] Prevent buffer read overflow.
+	Thanks to "sebres" for the report and fix.
+
 2012-01-17  Donal K. Fellows  <dkf@users.sf.net>
 
 	* doc/dict.n (dict with): [Bug 3474512]: Explain better what is going
diff --git a/generic/tclCmdMZ.c b/generic/tclCmdMZ.c
index e7c7152..e159f67 100644
--- a/generic/tclCmdMZ.c
+++ b/generic/tclCmdMZ.c
@@ -282,7 +282,7 @@ Tcl_RegexpObjCmd(
 	 * start of the string unless the previous character is a newline.
 	 */
 
-	if ((offset == 0) || ((offset > 0) &&
+	if ((offset == 0) || ((offset > 0) && (offset < stringLength) &&
 		(Tcl_GetUniChar(objPtr, offset-1) == (Tcl_UniChar) '\n'))) {
 	    eflags = 0;
 	} else {
author	jan.nijtmans <nijtmans@users.sourceforge.net>	2012-01-21 08:20:04 (GMT)
committer	jan.nijtmans <nijtmans@users.sourceforge.net>	2012-01-21 08:20:04 (GMT)
commit	575c4b7e017b102778b8be9e2f6211cfeaff731e (patch)
tree	2be3b592243d10acc926c65afe7f7d61e9974000
parent	bf96173904e2e0d289576e5e1ba2f1dfb1b90194 (diff)
parent	1fee70e19851cf0cd15e831a21a558dc898045d7 (diff)
download	tcl-575c4b7e017b102778b8be9e2f6211cfeaff731e.zip tcl-575c4b7e017b102778b8be9e2f6211cfeaff731e.tar.gz tcl-575c4b7e017b102778b8be9e2f6211cfeaff731e.tar.bz2