diff options
| author | dgp <dgp@users.sourceforge.net> | 2018-11-09 15:39:26 (GMT) |
|---|---|---|
| committer | dgp <dgp@users.sourceforge.net> | 2018-11-09 15:39:26 (GMT) |
| commit | 83ec300abdbc8486b4fd3272cd74a9c3f162ad7f (patch) | |
| tree | 7259dfc25be52679d61b6a19fa3003d9fb768820 /generic | |
| parent | ddae61a859c90b865bf0d82684638b80522d7922 (diff) | |
| download | tcl-83ec300abdbc8486b4fd3272cd74a9c3f162ad7f.zip tcl-83ec300abdbc8486b4fd3272cd74a9c3f162ad7f.tar.gz tcl-83ec300abdbc8486b4fd3272cd74a9c3f162ad7f.tar.bz2 | |
Revise bug fix to support (length == 0) correctly.
Added comments and improved safety in caller.
Diffstat (limited to 'generic')
| -rw-r--r-- | generic/tclListObj.c | 19 | ||||
| -rw-r--r-- | generic/tclUtil.c | 21 |
2 files changed, 35 insertions, 5 deletions
diff --git a/generic/tclListObj.c b/generic/tclListObj.c index e1dba8c..09ad034 100644 --- a/generic/tclListObj.c +++ b/generic/tclListObj.c @@ -1872,7 +1872,21 @@ UpdateStringOfList( * Pass 2: copy into string rep buffer. */ + /* + * We used to set the string length here, relying on a presumed + * guarantee that the number of bytes TclScanElement() calls reported + * to be needed was a precise count and not an over-estimate, so long + * as the same flag values were passed to TclConvertElement(). + * + * Then we saw [35a8f1c04a], where a bug in TclScanElement() caused + * that guarantee to fail. Rather than trust there are no more bugs, + * we set the length after the loop based on what was actually written, + * an not on what was predicted. + * listPtr->length = bytesNeeded - 1; + * + */ + listPtr->bytes = ckalloc((unsigned) bytesNeeded); dst = listPtr->bytes; for (i = 0; i < numElems; i++) { @@ -1881,7 +1895,10 @@ UpdateStringOfList( dst += TclConvertElement(elem, length, dst, flagPtr[i]); *dst++ = ' '; } - listPtr->bytes[listPtr->length] = '\0'; + dst[-1] = '\0'; + + /* Here is the safe setting of the string length. */ + listPtr->length = dst - 1 - listPtr->bytes; if (flagPtr != localFlags) { ckfree((char *) flagPtr); diff --git a/generic/tclUtil.c b/generic/tclUtil.c index 2a0d51a..d065069 100644 --- a/generic/tclUtil.c +++ b/generic/tclUtil.c @@ -944,10 +944,6 @@ TclScanElement( int preferEscape = 0; /* Use preferences to track whether to use */ int preferBrace = 0; /* CONVERT_MASK mode. */ int braceCount = 0; /* Count of all braces '{' '}' seen. */ - - if ((*src == '#') && !(*flagPtr & TCL_DONT_QUOTE_HASH)) { - preferBrace = 1; - } #endif if ((p == NULL) || (length == 0) || ((*p == '\0') && (length == -1))) { @@ -956,6 +952,23 @@ TclScanElement( return 2; } +#if COMPAT + /* + * We have an established history in TclConvertElement() when quoting + * because of a leading hash character to force what would be the + * CONVERT_MASK mode into the CONVERT_BRACE mode. That is, we format + * the element #{a"b} like this: + * {#{a"b}} + * and not like this: + * \#{a\"b} + * This is inconsistent with [list x{a"b}], but we will not change that now. + * Set that preference here so that we compute a tight size requirement. + */ + if ((*src == '#') && !(*flagPtr & TCL_DONT_QUOTE_HASH)) { + preferBrace = 1; + } +#endif + if ((*p == '{') || (*p == '"')) { /* * Must escape or protect so leading character of value is not |