From 552ef1ca02c0b71c2c1cda3d1330a4fabc93b3c1 Mon Sep 17 00:00:00 2001
From: sebres
Date: Tue, 5 Dec 2023 22:42:02 +0000
Subject: closes [db4f2843cd]: fixes SF by BO in ReadChars (and Tcl_ReadChars with append) caused by wrong buffer enlarge if objPtr shimmering to unicode for whatever reason, since Tcl_AppendToObj prefers unicode to bytes, whereas Tcl_SetObjLength prefers bytes (like the ReadChars)
---
 generic/tclIO.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/generic/tclIO.c b/generic/tclIO.c
index 0f79f1e..0153646 100644
--- a/generic/tclIO.c
+++ b/generic/tclIO.c
@@ -6112,7 +6112,7 @@ ReadChars(
 int dstLimit = TCL_UTF_MAX - 1 + toRead * factor / UTF_EXPANSION_FACTOR;
 (void) TclGetStringFromObj(objPtr, &numBytes);
- Tcl_AppendToObj(objPtr, NULL, dstLimit);
+ Tcl_SetObjLength(objPtr, numBytes + dstLimit);
 if (toRead == srcLen) {
 unsigned int size;
-- 
cgit v0.12
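Review bot: The new length `numBytes + dstLimit` passed to Tcl_SetObjLength is computed without a range check, and `dstLimit` is a plain `int` built from `toRead * factor`, so a very large read onto an already long object could push the sum past INT_MAX (signed overflow) before the buffer is sized; numBytes' declaration and any earlier clamp on toRead are outside the hunk, so this may already be bounded. If it is not, a guard such as `if (dstLimit > INT_MAX - numBytes) { /* clamp toRead or fail */ }` ahead of the call would keep the resize well-defined. The reason for preferring Tcl_SetObjLength exists only in the commit message; a comment at the call, e.g. `/* Grow the byte string directly: Tcl_AppendToObj would extend the unicode rep if objPtr has shimmered, leaving the bytes buffer too small. */`, would keep the line from being reverted later. The diffstat shows only tclIO.c changed, so a regression test for the shimmered-object append case would be worth adding alongside. ReadChars' body starts and ends outside the hunk.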