diff options
author | dgp <dgp@users.sourceforge.net> | 2009-03-30 17:47:30 (GMT) |
---|---|---|
committer | dgp <dgp@users.sourceforge.net> | 2009-03-30 17:47:30 (GMT) |
commit | e66ab850f979cade24e2171705e22cc97ae11c41 (patch) | |
tree | de2005ae858faa3138a29ad678f6e078f6610ade /generic/tclStringObj.c | |
parent | a8b9faafc0542a8833712172d50d9c00fe574c9f (diff) | |
download | tcl-e66ab850f979cade24e2171705e22cc97ae11c41.zip tcl-e66ab850f979cade24e2171705e22cc97ae11c41.tar.gz tcl-e66ab850f979cade24e2171705e22cc97ae11c41.tar.bz2 |
* generic/tclStringObj.c: Added protections from invalid memory
* generic/tclTestObj.c: accesses when we append (some part of)
* tests/stringObj.test: a Tcl_Obj to itself. Added the
appendself and appendself2 subcommands to the [teststringobj] testing
command and added tests to the test suite. [Bug 2603158]
Diffstat (limited to 'generic/tclStringObj.c')
-rw-r--r-- | generic/tclStringObj.c | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/generic/tclStringObj.c b/generic/tclStringObj.c index 6775273..45b0a25 100644 --- a/generic/tclStringObj.c +++ b/generic/tclStringObj.c @@ -33,7 +33,7 @@ * See the file "license.terms" for information on usage and redistribution of * this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tclStringObj.c,v 1.70.2.7 2009/03/21 02:54:23 dgp Exp $ */ + * RCS: @(#) $Id: tclStringObj.c,v 1.70.2.8 2009/03/30 17:47:30 dgp Exp $ */ #include "tclInt.h" #include "tommath.h" @@ -1317,6 +1317,17 @@ AppendUnicodeToUnicodeRep( numChars = stringPtr->numChars + appendNumChars; if (STRING_UALLOC(numChars) >= stringPtr->uallocated) { + /* + * Protect against case where unicode points into the existing + * stringPtr->unicode array. Force it to follow any relocations + * due to the reallocs below. + */ + int offset = -1; + if (unicode >= stringPtr->unicode && unicode <= stringPtr->unicode + + 1 + stringPtr->uallocated / sizeof(Tcl_UniChar)) { + offset = unicode - stringPtr->unicode; + } + stringPtr->uallocated = STRING_UALLOC(2 * numChars); tmpString = (String *) attemptckrealloc((char *)stringPtr, STRING_SIZE(stringPtr->uallocated)); @@ -1329,6 +1340,11 @@ AppendUnicodeToUnicodeRep( } stringPtr = tmpString; SET_STRING(objPtr, stringPtr); + + /* Relocate unicode if needed; see above. */ + if (offset >= 0) { + unicode = stringPtr->unicode + offset; + } } /* @@ -1477,6 +1493,17 @@ AppendUtfToUtfRep( stringPtr = GET_STRING(objPtr); if (newLength > (int) stringPtr->allocated) { /* + * Protect against case where unicode points into the existing + * stringPtr->unicode array. Force it to follow any relocations + * due to the reallocs below. + */ + int offset = -1; + if (bytes >= objPtr->bytes + && bytes <= objPtr->bytes + objPtr->length) { + offset = bytes - objPtr->bytes; + } + + /* * There isn't currently enough space in the string representation so * allocate additional space. First, try to double the length * required. If that fails, try a more modest allocation. See the "TCL @@ -1495,6 +1522,11 @@ AppendUtfToUtfRep( Tcl_SetObjLength(objPtr, newLength + growth); } + + /* Relocate bytes if needed; see above. */ + if (offset >=0) { + bytes = objPtr->bytes + offset; + } } /* |