summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog5
-rw-r--r--generic/regc_lex.c2
2 files changed, 6 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 5d44f33..117f812 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2007-10-30 Donal K. Fellows <donal.k.fellows@man.ac.uk>
+
+ * generic/regc_lex.c (lexescape): Ensure that backreference numbers
+ can't overflow a signed int in a way that breaks things. [Bug 1810264]
+
2007-10-15 Miguel Sofer <msofer@users.sf.net>
* generic/tclParse.c (Tcl_ParseBraces): fix for possible read
diff --git a/generic/regc_lex.c b/generic/regc_lex.c
index 1acc3f4..588718d 100644
--- a/generic/regc_lex.c
+++ b/generic/regc_lex.c
@@ -783,7 +783,7 @@ struct vars *v;
if (ISERR())
FAILW(REG_EESCAPE);
/* ugly heuristic (first test is "exactly 1 digit?") */
- if (v->now - save == 0 || (int)c <= v->nsubexp) {
+ if (v->now-save == 0 || ((int)c > 0 && (int)c <= v->nsubexp)) {
NOTE(REG_UBACKREF);
RETV(BACKREF, (chr)c);
}
generated by cgit v0.12 at 2024-08-19 19:42:38 (GMT)