From 9c7addd0fee93ed5ccdf1faeccf7994924e2d6ca Mon Sep 17 00:00:00 2001
From: dgp <dgp@users.sourceforge.net>
Date: Fri, 24 Apr 2015 15:47:58 +0000
Subject: Fix UtfToUtfProc() to remove the potential to read beyond end of
 input buffer.

---
 generic/tclEncoding.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/generic/tclEncoding.c b/generic/tclEncoding.c
index 1842fb6..54a49aa 100644
--- a/generic/tclEncoding.c
+++ b/generic/tclEncoding.c
@@ -2283,7 +2283,7 @@ UtfToUtfProc(
 
 	    *dst++ = *src++;
 	} else if (pureNullMode == 1 && UCHAR(*src) == 0xc0 &&
-		UCHAR(*(src+1)) == 0x80) {
+		(src + 1 < srcEnd) && UCHAR(*(src+1)) == 0x80) {
 	    /*
 	     * Convert 0xc080 to real nulls when we are in output mode.
 	     */
-- 
cgit v0.12