Fix [ab123cfd3d] - scan ubsan. Tx chrstphrchvz for patch

1 files changed, 9 insertions, 6 deletions

diff --git a/generic/tclScan.c b/generic/tclScan.c
index f37f596..ba3d90f 100644
--- a/generic/tclScan.c
+++ b/generic/tclScan.c
@@ -305,7 +305,7 @@ ValidateFormat(
 	     * format string.
 	     */
 
-	    value = strtoul(format-1, &end, 10);	/* INTL: "C" locale. */
+	    unsigned long ul = strtoul(format-1, &end, 10);	/* INTL: "C" locale. */
 	    if (*end != '$') {
 		goto notXpg;
 	    }
@@ -315,17 +315,20 @@ ValidateFormat(
 	    if (gotSequential) {
 		goto mixedXPG;
 	    }
-	    objIndex = value - 1;
-	    if ((objIndex < 0) || (numVars && (objIndex >= numVars))) {
+	    if (ul == 0 || ul >= INT_MAX) {
+		goto badIndex;
+	    }
+	    objIndex = (int) ul - 1;
+	    if (numVars && (objIndex >= numVars)) {
 		goto badIndex;
 	    } else if (numVars == 0) {
 		/*
 		 * In the case where no vars are specified, the user can
 		 * specify %9999$ legally, so we have to consider special
-		 * rules for growing the assign array. 'value' is guaranteed
-		 * to be > 0.
+		 * rules for growing the assign array. 'ul' is guaranteed
+		 * to be > 0 and < INT_MAX as per checks above.
 		 */
-		xpgSize = (xpgSize > value) ? xpgSize : value;
+		xpgSize = (xpgSize > (int)ul) ? xpgSize : (int)ul;
 	    }
 	    goto xpgCheckDone;
 	}