From e874b759fc95fea19afd03d71388ed379872493f Mon Sep 17 00:00:00 2001 From: "jan.nijtmans" Date: Thu, 13 Jan 2022 11:12:40 +0000 Subject: Suggested fix for [bca10e3790]: Undefined behavior in ResultAdd(). Make functions like ResultAdd() equal in tclIOGt.c and tclIOTrans.c --- generic/tclIOGT.c | 8 ++++---- generic/tclIORTrans.c | 30 +++++++++++++++--------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/generic/tclIOGT.c b/generic/tclIOGT.c index dadcb53..6b1c341 100644 --- a/generic/tclIOGT.c +++ b/generic/tclIOGT.c @@ -108,7 +108,7 @@ typedef struct ResultBuffer ResultBuffer; static inline void ResultClear(ResultBuffer *r); static inline void ResultInit(ResultBuffer *r); static inline int ResultEmpty(ResultBuffer *r); -static inline int ResultCopy(ResultBuffer *r, unsigned char *buf, +static inline size_t ResultCopy(ResultBuffer *r, unsigned char *buf, size_t toRead); static inline void ResultAdd(ResultBuffer *r, unsigned char *buf, size_t toWrite); @@ -1361,13 +1361,13 @@ ResultEmpty( *---------------------------------------------------------------------- */ -static inline int +static inline size_t ResultCopy( ResultBuffer *r, /* The buffer to read from. */ unsigned char *buf, /* The buffer to copy into. */ size_t toRead) /* Number of requested bytes. */ { - if (r->used == 0) { + if (ResultEmpty(r)) { /* * Nothing to copy in the case of an empty buffer. */ @@ -1424,7 +1424,7 @@ ResultAdd( unsigned char *buf, /* The buffer to read from. */ size_t toWrite) /* The number of bytes in 'buf'. */ { - if (r->used + toWrite > r->allocated) { + if ((r->used + toWrite + 1) > r->allocated) { /* * Extension of the internal buffer is required. */ diff --git a/generic/tclIORTrans.c b/generic/tclIORTrans.c index e0c39ad..eecd412 100644 --- a/generic/tclIORTrans.c +++ b/generic/tclIORTrans.c 
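Review bot: The new `+ 1` in ResultAdd's growth test is load-bearing but unexplained: with `used == 0`, `toWrite == 0` and nothing allocated yet, the old `r->used + toWrite > r->allocated` was false, so presumably (the body continues outside the hunk) the copy that follows ran against a NULL `r->buf`, which is the undefined behavior the commit title refers to. A reader will take the constant for an off-by-one and "fix" it back, so add a comment above the condition: `/* +1 forces an allocation even when toWrite == 0, so the copy below never touches a NULL r->buf. */`. The same test already exists in tclIORTrans.c's ResultAdd (the `@@ -2990` hunk) and would benefit from the same comment. If the zero-length case is the only reason, an explicit `if (toWrite == 0) { return; }` guard at the top would state the intent more directly, at the cost of no longer pre-allocating.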
@@ -85,22 +85,22 @@ static const Tcl_ChannelType tclRTransformType = { * layers upon reading from the channel, plus the functions to manage such. */ -typedef struct _ResultBuffer_ { +typedef struct { unsigned char *buf; /* Reference to the buffer area. */ - int allocated; /* Allocated size of the buffer area. */ - int used; /* Number of bytes in the buffer, + size_t allocated; /* Allocated size of the buffer area. */ + size_t used; /* Number of bytes in the buffer, * <= allocated. */ } ResultBuffer; #define ResultLength(r) ((r)->used) /* static int ResultLength(ResultBuffer *r); */ -static void ResultClear(ResultBuffer *r); -static void ResultInit(ResultBuffer *r); -static void ResultAdd(ResultBuffer *r, unsigned char *buf, - int toWrite); -static int ResultCopy(ResultBuffer *r, unsigned char *buf, - int toRead); +static inline void ResultClear(ResultBuffer *r); +static inline void ResultInit(ResultBuffer *r); +static inline void ResultAdd(ResultBuffer *r, unsigned char *buf, + size_t toWrite); +static inline size_t ResultCopy(ResultBuffer *r, unsigned char *buf, + size_t toRead); #define RB_INCREMENT (512) @@ -2934,7 +2934,7 @@ TimerRun( *---------------------------------------------------------------------- */ -static void +static inline void ResultInit( ResultBuffer *rPtr) /* Reference to the structure to * initialize. */ @@ -2959,7 +2959,7 @@ ResultInit( *---------------------------------------------------------------------- */ -static void +static inline void ResultClear( ResultBuffer *rPtr) /* Reference to the buffer to clear out */ { @@ -2990,11 +2990,11 @@ ResultClear( *---------------------------------------------------------------------- */ -static void +static inline void ResultAdd( ResultBuffer *rPtr, /* The buffer to extend */ unsigned char *buf, /* The buffer to read from */ - int toWrite) /* The number of bytes in 'buf' */ + size_t toWrite) /* The number of bytes in 'buf' */ { if ((rPtr->used + toWrite + 1) > rPtr->allocated) { /* 
@@ -3038,11 +3038,11 @@ ResultAdd( *---------------------------------------------------------------------- */ -static int +static inline size_t ResultCopy( ResultBuffer *rPtr, /* The buffer to read from */ unsigned char *buf, /* The buffer to copy into */ - int toRead) /* Number of requested bytes */ + size_t toRead) /* Number of requested bytes */ { int copied; -- cgit v0.12 From 1bc44ec32ab03ebaec021f52129ee1fefcac7850 Mon Sep 17 00:00:00 2001 From: "jan.nijtmans" Date: Thu, 13 Jan 2022 12:22:51 +0000 Subject: Fix [816913a65e]: GrowStringBuffer(): signed integer overflow. And a few similar situations in other place --- generic/tclBinary.c | 2 +- generic/tclCkalloc.c | 2 +- generic/tclCompile.c | 2 +- generic/tclObj.c | 2 +- generic/tclProc.c | 2 +- generic/tclStringObj.c | 6 +++--- generic/tclStringRep.h | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/generic/tclBinary.c b/generic/tclBinary.c index 0296770..6f36d54 100644 --- a/generic/tclBinary.c +++ b/generic/tclBinary.c @@ -189,7 +189,7 @@ typedef struct ByteArray { } ByteArray; #define BYTEARRAY_SIZE(len) \ - ((unsigned) (TclOffset(ByteArray, bytes) + (len))) + (((unsigned)TclOffset(ByteArray, bytes) + (len))) #define GET_BYTEARRAY(objPtr) \ ((ByteArray *) (objPtr)->internalRep.twoPtrValue.ptr1) #define SET_BYTEARRAY(objPtr, baPtr) \ diff --git a/generic/tclCkalloc.c b/generic/tclCkalloc.c index 8c83aeb..20285eb 100644 --- a/generic/tclCkalloc.c +++ b/generic/tclCkalloc.c @@ -41,7 +41,7 @@ typedef struct MemTag { * last field in the structure. */ } MemTag; -#define TAG_SIZE(bytesInString) ((unsigned) ((TclOffset(MemTag, string) + 1) + (bytesInString))) +#define TAG_SIZE(bytesInString) ((unsigned) ((TclOffset(MemTag, string) + 1U) + (bytesInString))) static MemTag *curTagPtr = NULL;/* Tag to use in all future mem_headers (set * by "memory tag" command). */ diff --git a/generic/tclCompile.c b/generic/tclCompile.c index eb2e16b..4a50089 100644 --- a/generic/tclCompile.c 
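Review bot: `int copied;` on the hunk's last context line is left signed while `toRead` and the function's return type were just changed to `size_t`; whatever ResultCopy assigns to `copied` and returns below (the body continues outside the hunk) now passes through int and back, and any comparison between `copied` and `toRead` or `rPtr->used` becomes a signed/unsigned comparison. Declare it `size_t copied;` to match the new signature. tclIOGT.c's ResultCopy received the same signature change in this commit, and keeping the local types identical in both copies is what the commit message sets out to do.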
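Review bot: `(((unsigned)TclOffset(ByteArray, bytes) + (len)))` keeps an outer pair of parentheses that only wrapped the old cast; `((unsigned)TclOffset(ByteArray, bytes) + (len))` is the same expression. Moving the cast onto the left operand is what makes the addition unsigned, so it cannot overflow as signed, which is the point of the commit but is invisible at the use sites; a one-line comment above the macro, `/* cast the left operand first so the addition is unsigned, not a signed overflow */`, would preserve that.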
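Review bot: The outer `(unsigned)` cast in the new TAG_SIZE is redundant for `int` arguments: `(TclOffset(MemTag, string) + 1U)` is already unsigned and adding `(bytesInString)` keeps it so. `#define TAG_SIZE(bytesInString) ((TclOffset(MemTag, string) + 1U) + (bytesInString))` matches how BYTEARRAY_SIZE is written in tclBinary.c in this same commit. Keep the cast only if some caller passes a wider type and the narrowing is intended; the hunk does not show any.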
+++ b/generic/tclCompile.c @@ -3010,7 +3010,7 @@ TclFindCompiledLocal( if (create || (name == NULL)) { localVar = procPtr->numCompiledLocals; - localPtr = ckalloc(TclOffset(CompiledLocal, name) + nameBytes + 1); + localPtr = ckalloc(TclOffset(CompiledLocal, name) + 1U + nameBytes); if (procPtr->firstLocalPtr == NULL) { procPtr->firstLocalPtr = procPtr->lastLocalPtr = localPtr; } else { diff --git a/generic/tclObj.c b/generic/tclObj.c index 0950dcd..1fd674f 100644 --- a/generic/tclObj.c +++ b/generic/tclObj.c @@ -576,7 +576,7 @@ TclContinuationsEnter( ThreadSpecificData *tsdPtr = TclGetContLineTable(); Tcl_HashEntry *hPtr = Tcl_CreateHashEntry(tsdPtr->lineCLPtr, objPtr, &newEntry); - ContLineLoc *clLocPtr = (ContLineLoc *)ckalloc(TclOffset(ContLineLoc, loc) + (num + 1) *sizeof(int)); + ContLineLoc *clLocPtr = (ContLineLoc *)ckalloc(TclOffset(ContLineLoc, loc) + (num + 1U) *sizeof(int)); if (!newEntry) { /* diff --git a/generic/tclProc.c b/generic/tclProc.c index 7921d38..a533878 100644 --- a/generic/tclProc.c +++ b/generic/tclProc.c @@ -600,7 +600,7 @@ TclCreateProc( */ localPtr = (CompiledLocal *)ckalloc( - TclOffset(CompiledLocal, name) + fieldValues[0]->length + 1); + TclOffset(CompiledLocal, name) + 1U + fieldValues[0]->length); if (procPtr->firstLocalPtr == NULL) { procPtr->firstLocalPtr = procPtr->lastLocalPtr = localPtr; } else { diff --git a/generic/tclStringObj.c b/generic/tclStringObj.c index 75b449d..edfcb9f 100644 --- a/generic/tclStringObj.c +++ b/generic/tclStringObj.c @@ -151,7 +151,7 @@ GrowStringBuffer( if (flag == 0 || stringPtr->allocated > 0) { if (needed <= INT_MAX / 2) { attempt = 2 * needed; - ptr = (char *)attemptckrealloc(objPtr->bytes, attempt + 1); + ptr = (char *)attemptckrealloc(objPtr->bytes, attempt + 1U); } if (ptr == NULL) { /* 
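Review bot: The reordered allocation size `TclOffset(CompiledLocal, name) + 1U + nameBytes` is correct only because `+` groups left to right: `TclOffset(...) + 1U` is evaluated first and is unsigned, so `nameBytes` is added in unsigned arithmetic instead of (if TclOffset yields an int, as the commit title's "signed integer overflow" implies) overflowing as signed. Nothing on the line says so, and the order looks arbitrary enough that a later tidy-up may move `+ 1` back to the end; add `/* 1U first: keeps the sum unsigned so it cannot overflow as signed */` on the ckalloc line. The same applies to TclCreateProc in tclProc.c (`@@ -600`), to `(num + 1U)` in TclContinuationsEnter in tclObj.c (`@@ -576`) and to the three `attempt + 1U` calls in GrowStringBuffer in tclStringObj.c (`@@ -151`, `@@ -164`, `@@ -173`); in the first of those the `needed <= INT_MAX / 2` guard already caps `attempt` at `INT_MAX - 1`, so only the latter two branches actually needed the change, which is worth stating in the comment there.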
@@ -164,7 +164,7 @@ GrowStringBuffer( int growth = (int) ((extra > limit) ? limit : extra); attempt = needed + growth; - ptr = (char *)attemptckrealloc(objPtr->bytes, attempt + 1); + ptr = (char *)attemptckrealloc(objPtr->bytes, attempt + 1U); } } if (ptr == NULL) { @@ -173,7 +173,7 @@ GrowStringBuffer( */ attempt = needed; - ptr = (char *)ckrealloc(objPtr->bytes, attempt + 1); + ptr = (char *)ckrealloc(objPtr->bytes, attempt + 1U); } objPtr->bytes = ptr; stringPtr->allocated = attempt; diff --git a/generic/tclStringRep.h b/generic/tclStringRep.h index 59e9499..c0adc10 100644 --- a/generic/tclStringRep.h +++ b/generic/tclStringRep.h @@ -67,7 +67,7 @@ typedef struct String { #define STRING_MAXCHARS \ (int)(((size_t)UINT_MAX - 1 - TclOffset(String, unicode))/sizeof(Tcl_UniChar)) #define STRING_SIZE(numChars) \ - (TclOffset(String, unicode) + (((numChars) + 1) * sizeof(Tcl_UniChar))) + (TclOffset(String, unicode) + (((numChars) + 1U) * sizeof(Tcl_UniChar))) #define stringCheckLimits(numChars) \ do { \ if ((numChars) < 0 || (numChars) > STRING_MAXCHARS) { \ -- cgit v0.12