diff options
| author | pooryorick <com.digitalsmarties@pooryorick.com> | 2023-04-25 20:34:03 (GMT) |
|---|---|---|
| committer | pooryorick <com.digitalsmarties@pooryorick.com> | 2023-04-25 20:34:03 (GMT) |
| commit | 76130df46050131c3a1c4ec22d6adbfaa637f2a7 (patch) | |
| tree | 2f0666ba0ac12b5d3dd0368cdbdc86073d55aef7 /generic/tclUtf.c | |
| parent | 025b74f7c7add01c5ca6654b03c29241c0845def (diff) | |
| download | tcl-76130df46050131c3a1c4ec22d6adbfaa637f2a7.zip tcl-76130df46050131c3a1c4ec22d6adbfaa637f2a7.tar.gz tcl-76130df46050131c3a1c4ec22d6adbfaa637f2a7.tar.bz2 | |
Fix for issue [f5eadcbf9a], passing pointer to uninitialized memory leads
Tcl_UniCharToUtf() to corrupt data.
Diffstat (limited to 'generic/tclUtf.c')
| -rw-r--r-- | generic/tclUtf.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/generic/tclUtf.c b/generic/tclUtf.c index cc5769f..42d2bea 100644 --- a/generic/tclUtf.c +++ b/generic/tclUtf.c @@ -348,6 +348,14 @@ Tcl_UniCharToUtfDString( p = string; wEnd = uniStr + uniLength; + + /* Initialize the buffer so that some random data doesn't trick + * Tcl_UniCharToUtf() into thinking it should combine surrogate pairs. + * Once TCL_UTF_MAX == 3 is removed and Tcl_UniCharToUtf restored to its + * prior non-stateful nature, this call to memset can also be removed. + */ + memset(p, 0, Tcl_DStringLength(dsPtr) - oldLength); + for (w = uniStr; w < wEnd; ) { p += Tcl_UniCharToUtf(*w, p); w++; @@ -391,6 +399,14 @@ Tcl_Char16ToUtfDString( p = string; wEnd = uniStr + uniLength; + + /* Initialize the buffer so that some random data doesn't trick + * Tcl_UniCharToUtf() into thinking it should combine surrogate pairs. + * Because TCL_COMBINE is used here, memset() is required even when + * TCL_UTF_MAX == 4. + */ + memset(p, 0, Tcl_DStringLength(dsPtr) - oldLength); + for (w = uniStr; w < wEnd; ) { if (!len && ((*w & 0xFC00) != 0xDC00)) { /* Special case for handling high surrogates. */ |