From c58c25ef079a96e684e2be9bdf78040c84c3cf9b Mon Sep 17 00:00:00 2001 From: "jan.nijtmans" Date: Wed, 23 Jan 2013 13:57:30 +0000 Subject: Protect Tcl_GetIndexFromObjStruct from invalid "offset" values, like 0 or -1. Undocumented, because I don't want to promote people start using that. --- generic/tclIndexObj.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/generic/tclIndexObj.c b/generic/tclIndexObj.c index cc50fd3..0103cdb 100644 --- a/generic/tclIndexObj.c +++ b/generic/tclIndexObj.c @@ -144,7 +144,7 @@ Tcl_GetIndexFromObj(interp, objPtr, tablePtr, msg, flags, indexPtr) * returned and an error message is left in interp's result (unless * interp is NULL). The msg argument is used in the error * message; for example, if msg has the value "option" then the - * error message will say something flag 'bad option "foo": must be + * error message will say something like 'bad option "foo": must be * ...' * * Side effects: @@ -176,6 +176,10 @@ Tcl_GetIndexFromObjStruct(interp, objPtr, tablePtr, offset, msg, flags, Tcl_Obj *resultPtr; IndexRep *indexRep; + /* Protect against invalid values, like -1 or 0. */ + if (offset < (int)sizeof(char *)) { + offset = (int)sizeof(char *); + } /* * See if there is a valid cached result from a previous lookup. */ -- cgit v0.12