diff options
| author | hobbs <hobbs@noemail.net> | 2003-05-10 23:55:06 (GMT) |
|---|---|---|
| committer | hobbs <hobbs@noemail.net> | 2003-05-10 23:55:06 (GMT) |
| commit | 0ca7aaf9885b78579182b526335d3be7f52580e9 (patch) | |
| tree | a9a7f8487469dcb5fa1c8352d12d7744f414f05b /generic/tclCmdMZ.c | |
| parent | 94d2e98cbf546ccdbde54b6a5bebb2b034854f5a (diff) | |
| download | tcl-0ca7aaf9885b78579182b526335d3be7f52580e9.zip tcl-0ca7aaf9885b78579182b526335d3be7f52580e9.tar.gz tcl-0ca7aaf9885b78579182b526335d3be7f52580e9.tar.bz2 | |
* generic/tclCmdMZ.c (Tcl_StringObjCmd): prevent string repeat
crash when overflow sizes were given (throws error). [Bug #714106]
FossilOrigin-Name: 2e6f8b3c4f8c9f15914fa84426febb8b5f4dec55
Diffstat (limited to 'generic/tclCmdMZ.c')
| -rw-r--r-- | generic/tclCmdMZ.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/generic/tclCmdMZ.c b/generic/tclCmdMZ.c index 8c4a951..5a1751e 100644 --- a/generic/tclCmdMZ.c +++ b/generic/tclCmdMZ.c @@ -14,7 +14,7 @@ * See the file "license.terms" for information on usage and redistribution * of this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tclCmdMZ.c,v 1.82.2.3 2003/04/11 20:49:53 dgp Exp $ + * RCS: @(#) $Id: tclCmdMZ.c,v 1.82.2.4 2003/05/10 23:55:08 hobbs Exp $ */ #include "tclInt.h" @@ -2104,8 +2104,17 @@ Tcl_StringObjCmd(dummy, interp, objc, objv) * Only build up a string that has data. Instead of * building it up with repeated appends, we just allocate * the necessary space once and copy the string value in. + * Check for overflow with back-division. [Bug #714106] */ length2 = length1 * count; + if ((length2 / count) != length1) { + char buf[TCL_INTEGER_SPACE+1]; + sprintf(buf, "%d", INT_MAX); + Tcl_AppendStringsToObj(resultPtr, + "string size overflow, must be less than ", + buf, (char *) NULL); + return TCL_ERROR; + } /* * Include space for the NULL */ |