summaryrefslogtreecommitdiffstats
path: root/generic/tclStringObj.c
diff options
context:
space:
mode:
authordgp <dgp@users.sourceforge.net>2009-03-30 17:47:30 (GMT)
committerdgp <dgp@users.sourceforge.net>2009-03-30 17:47:30 (GMT)
commite66ab850f979cade24e2171705e22cc97ae11c41 (patch)
treede2005ae858faa3138a29ad678f6e078f6610ade /generic/tclStringObj.c
parenta8b9faafc0542a8833712172d50d9c00fe574c9f (diff)
downloadtcl-e66ab850f979cade24e2171705e22cc97ae11c41.zip
tcl-e66ab850f979cade24e2171705e22cc97ae11c41.tar.gz
tcl-e66ab850f979cade24e2171705e22cc97ae11c41.tar.bz2
* generic/tclStringObj.c: Added protections from invalid memory
* generic/tclTestObj.c: accesses when we append (some part of) * tests/stringObj.test: a Tcl_Obj to itself. Added the appendself and appendself2 subcommands to the [teststringobj] testing command and added tests to the test suite. [Bug 2603158]
Diffstat (limited to 'generic/tclStringObj.c')
-rw-r--r--generic/tclStringObj.c34
1 files changed, 33 insertions, 1 deletions
diff --git a/generic/tclStringObj.c b/generic/tclStringObj.c
index 6775273..45b0a25 100644
--- a/generic/tclStringObj.c
+++ b/generic/tclStringObj.c
@@ -33,7 +33,7 @@
* See the file "license.terms" for information on usage and redistribution of
* this file, and for a DISCLAIMER OF ALL WARRANTIES.
*
- * RCS: @(#) $Id: tclStringObj.c,v 1.70.2.7 2009/03/21 02:54:23 dgp Exp $ */
+ * RCS: @(#) $Id: tclStringObj.c,v 1.70.2.8 2009/03/30 17:47:30 dgp Exp $ */
#include "tclInt.h"
#include "tommath.h"
@@ -1317,6 +1317,17 @@ AppendUnicodeToUnicodeRep(
numChars = stringPtr->numChars + appendNumChars;
if (STRING_UALLOC(numChars) >= stringPtr->uallocated) {
+ /*
+ * Protect against case where unicode points into the existing
+ * stringPtr->unicode array. Force it to follow any relocations
+ * due to the reallocs below.
+ */
+ int offset = -1;
+ if (unicode >= stringPtr->unicode && unicode <= stringPtr->unicode
+ + 1 + stringPtr->uallocated / sizeof(Tcl_UniChar)) {
+ offset = unicode - stringPtr->unicode;
+ }
+
stringPtr->uallocated = STRING_UALLOC(2 * numChars);
tmpString = (String *) attemptckrealloc((char *)stringPtr,
STRING_SIZE(stringPtr->uallocated));
@@ -1329,6 +1340,11 @@ AppendUnicodeToUnicodeRep(
}
stringPtr = tmpString;
SET_STRING(objPtr, stringPtr);
+
+ /* Relocate unicode if needed; see above. */
+ if (offset >= 0) {
+ unicode = stringPtr->unicode + offset;
+ }
}
/*
@@ -1477,6 +1493,17 @@ AppendUtfToUtfRep(
stringPtr = GET_STRING(objPtr);
if (newLength > (int) stringPtr->allocated) {
/*
+ * Protect against case where unicode points into the existing
+ * stringPtr->unicode array. Force it to follow any relocations
+ * due to the reallocs below.
+ */
+ int offset = -1;
+ if (bytes >= objPtr->bytes
+ && bytes <= objPtr->bytes + objPtr->length) {
+ offset = bytes - objPtr->bytes;
+ }
+
+ /*
* There isn't currently enough space in the string representation so
* allocate additional space. First, try to double the length
* required. If that fails, try a more modest allocation. See the "TCL
@@ -1495,6 +1522,11 @@ AppendUtfToUtfRep(
Tcl_SetObjLength(objPtr, newLength + growth);
}
+
+ /* Relocate bytes if needed; see above. */
+ if (offset >=0) {
+ bytes = objPtr->bytes + offset;
+ }
}
/*