diff options
| -rw-r--r-- | changes | 10 | ||||
| -rw-r--r-- | generic/tclBinary.c | 10 | ||||
| -rw-r--r-- | tests/binary.test | 12 |
3 files changed, 30 insertions, 2 deletions
@@ -8765,4 +8765,12 @@ improvements to regexp engine from Postgres (lane,porter,fellows,seltenreich) 2017-04-28 (bug)[f34cf8] [file join a //b] => /b (neumann,porter) ---- Released 8.6.7, May 10, 2016 --- http://core.tcl.tk/tcl/ for details +2017-05-01 (bug)[8bd13f] Windows threads and pipes (sebres,nijtmans) + +2017-05-01 (bug)[f9fe90] [file join //a b] EIAS violation (aspect,porter) + +2017-05-04 (bug) Make test filesystem-1.52 pass on Windows (nijtmans) + +2017-05-05 (bug)[601522] [binary] field spec overflow -> segfault (porter) + +--- Released 8.6.7, May 17, 2016 --- http://core.tcl.tk/tcl/ for details diff --git a/generic/tclBinary.c b/generic/tclBinary.c index 981f174..2a4fd84 100644 --- a/generic/tclBinary.c +++ b/generic/tclBinary.c @@ -1653,7 +1653,15 @@ GetFormatSpec( (*formatPtr)++; *countPtr = BINARY_ALL; } else if (isdigit(UCHAR(**formatPtr))) { /* INTL: digit */ - *countPtr = strtoul(*formatPtr, (char **) formatPtr, 10); + unsigned long int count; + + errno = 0; + count = strtoul(*formatPtr, (char **) formatPtr, 10); + if (errno || (count > (unsigned long) INT_MAX)) { + *countPtr = INT_MAX; + } else { + *countPtr = (int) count; + } } else { *countPtr = BINARY_NOCOUNT; } diff --git a/tests/binary.test b/tests/binary.test index 40b1315..2a306a3 100644 --- a/tests/binary.test +++ b/tests/binary.test @@ -1506,6 +1506,18 @@ test binary-37.9 {GetFormatSpec: numbers} { binary scan $x f* bla set bla } {1.0 -1.0 2.0 -2.0 0.0} +test binary-37.10 {GetFormatSpec: count overflow} { + binary scan x a[format %ld 0x7fffffff] r +} 0 +test binary-37.11 {GetFormatSpec: count overflow} { + binary scan x a[format %ld 0x10000000] r +} 0 +test binary-37.12 {GetFormatSpec: count overflow} { + binary scan x a[format %ld 0x100000000] r +} 0 +test binary-37.13 {GetFormatSpec: count overflow} { + binary scan x a[format %lld 0x10000000000000000] r +} 0 test binary-38.1 {FormatNumber: word alignment} { set x [binary format c1s1 1 1] |