Fix [9c7557160]: signed integer overflow in UpdateStringOfByteArray()

author: jan.nijtmans <nijtmans@users.sourceforge.net> 2022-03-08 15:23:16 (GMT)
committer: jan.nijtmans <nijtmans@users.sourceforge.net> 2022-03-08 15:23:16 (GMT)
commit: 94033c98698f9311df88190fad45f190b4b829a8 (patch)
tree: eec275c78dd36e57ad093cbabd18a25e54b2bee4
parent: aaead6c7ae251886735590603d20616cc63a497f (diff)
download: tcl-94033c98698f9311df88190fad45f190b4b829a8.zip
tcl-94033c98698f9311df88190fad45f190b4b829a8.tar.gz
tcl-94033c98698f9311df88190fad45f190b4b829a8.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/generic/tclBinary.c b/generic/tclBinary.c
index fdb7f59..1c97728 100644
--- a/generic/tclBinary.c
+++ b/generic/tclBinary.c
@@ -565,14 +565,14 @@ UpdateStringOfByteArray(
     size = length;
     for (i = 0; i < length && size >= 0; i++) {
 	if ((src[i] == 0) || (src[i] > 127)) {
-	    size++;
+	    size = (int)((unsigned int)size + 1U);
 	}
     }
     if (size < 0) {
 	Tcl_Panic("max size for a Tcl value (%d bytes) exceeded", INT_MAX);
     }
 
-    dst = (char *)ckalloc(size + 1);
+    dst = (char *)ckalloc((unsigned int)size + 1U);
     objPtr->bytes = dst;
     objPtr->length = size;
author	jan.nijtmans <nijtmans@users.sourceforge.net>	2022-03-08 15:23:16 (GMT)
committer	jan.nijtmans <nijtmans@users.sourceforge.net>	2022-03-08 15:23:16 (GMT)
commit	94033c98698f9311df88190fad45f190b4b829a8 (patch)
tree	eec275c78dd36e57ad093cbabd18a25e54b2bee4
parent	aaead6c7ae251886735590603d20616cc63a497f (diff)
download	tcl-94033c98698f9311df88190fad45f190b4b829a8.zip tcl-94033c98698f9311df88190fad45f190b4b829a8.tar.gz tcl-94033c98698f9311df88190fad45f190b4b829a8.tar.bz2