diff options
| author | dgp <dgp@users.sourceforge.net> | 2014-01-21 17:25:41 (GMT) |
|---|---|---|
| committer | dgp <dgp@users.sourceforge.net> | 2014-01-21 17:25:41 (GMT) |
| commit | 266f624c6dc52d4f148773bc48be98540c5dc53a (patch) | |
| tree | aedaf1a124daa63f5fcf7e66db36358d788e4db6 /generic/tclStringObj.c | |
| parent | b9663aff14aff96677a1252092a006ae19f81a8c (diff) | |
| parent | e0791bfa1b98a28520902dbb5018ffdcb5925860 (diff) | |
| download | tcl-266f624c6dc52d4f148773bc48be98540c5dc53a.zip tcl-266f624c6dc52d4f148773bc48be98540c5dc53a.tar.gz tcl-266f624c6dc52d4f148773bc48be98540c5dc53a.tar.bz2 | |
[2992970] Restore safety of Tcl_AppendObjToObj(x, x) for bytearrays.
Diffstat (limited to 'generic/tclStringObj.c')
| -rw-r--r-- | generic/tclStringObj.c | 42 |
1 files changed, 31 insertions, 11 deletions
diff --git a/generic/tclStringObj.c b/generic/tclStringObj.c index e495c2e..dffa38c 100644 --- a/generic/tclStringObj.c +++ b/generic/tclStringObj.c @@ -1281,23 +1281,43 @@ Tcl_AppendObjToObj( if ((TclIsPureByteArray(objPtr) || objPtr->bytes == tclEmptyStringRep) && TclIsPureByteArray(appendObjPtr)) { - unsigned char *bytesSrc; - int lengthSrc, lengthTotal; /* - * We do not assume that objPtr and appendObjPtr must be distinct! - * This makes this code a bit more complex than it otherwise would be, - * but in turn makes it much safer. + * You might expect the code here to be + * + * bytes = Tcl_GetByteArrayFromObj(appendObjPtr, &length); + * TclAppendBytesToByteArray(objPtr, bytes, length); + * + * and essentially all of the time that would be fine. However, + * it would run into trouble in the case where objPtr and + * appendObjPtr point to the same thing. That may never be a + * good idea. It seems to violate Copy On Write, and we don't + * have any tests for the situation, since making any Tcl commands + * that call Tcl_AppendObjToObj() do that appears impossible + * (They honor Copy On Write!). For the sake of extensions that + * go off into that realm, though, here's a more complex approach + * that can handle all the cases. */ + /* Get lengths */ + int lengthSrc; + (void) Tcl_GetByteArrayFromObj(objPtr, &length); (void) Tcl_GetByteArrayFromObj(appendObjPtr, &lengthSrc); - lengthTotal = length + lengthSrc; - if (((length > lengthSrc) ? length : lengthSrc) > lengthTotal) { - Tcl_Panic("max size for a Tcl value (%d bytes) exceeded", INT_MAX); - } - bytesSrc = Tcl_GetByteArrayFromObj(appendObjPtr, NULL); - TclAppendBytesToByteArray(objPtr, bytesSrc, lengthSrc); + + /* Grow buffer enough for the append */ + TclAppendBytesToByteArray(objPtr, NULL, lengthSrc); + + /* Reset objPtr back to the original value */ + Tcl_SetByteArrayLength(objPtr, length); + + /* + * Now do the append knowing that buffer growth cannot cause + * any trouble. + */ + + TclAppendBytesToByteArray(objPtr, + Tcl_GetByteArrayFromObj(appendObjPtr, NULL), lengthSrc); return; } |