From 2fa8967c62a728986e69c0adfcc433c8da2d6dd4 Mon Sep 17 00:00:00 2001
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
Date: Wed, 12 Jan 2022 14:19:04 +0000
Subject: Proposed fix for [26f1328a86]: sizeof(int) < sizeof(void*) -> Crash

---
 generic/tclCompile.h | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/generic/tclCompile.h b/generic/tclCompile.h
index 03b4a90..997f08e 100644
--- a/generic/tclCompile.h
+++ b/generic/tclCompile.h
@@ -1509,22 +1509,22 @@ MODULE_SCOPE int	TclPushProcCallFrame(ClientData clientData,
 #   define TclGetInt1AtPtr(p) ((int) *((signed char *) p))
 #else
 #   define TclGetInt1AtPtr(p) \
-    (((int) *((char *) p)) | ((*(p) & 0200) ? (-256) : 0))
+    ((int) ((*((char *) p)) | ((*(p) & 0200) ? (-256) : 0)))
 #endif
 
 #define TclGetInt4AtPtr(p) \
-    (((int) (TclGetUInt1AtPtr(p) << 24)) |				\
-		     (*((p)+1) << 16) |				\
-		     (*((p)+2) <<  8) |				\
-		     (*((p)+3)))
+    ((int) ((TclGetUInt1AtPtr(p) << 24) |			\
+		       (*((p)+1) << 16) |			\
+		       (*((p)+2) <<  8) |			\
+		       (*((p)+3))))
 
 #define TclGetUInt1AtPtr(p) \
     ((unsigned int) *(p))
 #define TclGetUInt4AtPtr(p) \
-    ((unsigned int) (*(p)     << 24) |				\
-		    (*((p)+1) << 16) |				\
-		    (*((p)+2) <<  8) |				\
-		    (*((p)+3)))
+    ((unsigned int) ((*(p)     << 24) |				\
+		     (*((p)+1) << 16) |				\
+		     (*((p)+2) <<  8) |				\
+		     (*((p)+3))))
 
 /*
  * Macros used to compute the minimum and maximum of two integers. The ANSI C
-- 
cgit v0.12


From 2171b321cf1ec2d7c671d02dfea59860bccc06f2 Mon Sep 17 00:00:00 2001
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
Date: Wed, 12 Jan 2022 15:50:30 +0000
Subject: Fix [69218ab7b]: TEBCResume(): buffer over-read in INST_STR_MAP

---
 generic/tclExecute.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/generic/tclExecute.c b/generic/tclExecute.c
index 7e014d4..aa5730a 100644
--- a/generic/tclExecute.c
+++ b/generic/tclExecute.c
@@ -5855,7 +5855,9 @@ TEBCresume(
 	p = ustring1;
 	end = ustring1 + length;
 	for (; ustring1 < end; ustring1++) {
-	    if ((*ustring1 == *ustring2) && (length2==1 ||
+	    if ((*ustring1 == *ustring2) &&
+		/* Fix bug [69218ab7b]: restrict max compare length. */
+		(end-ustring1 >= length2) && (length2==1 ||
 		    memcmp(ustring1, ustring2, sizeof(Tcl_UniChar) * length2)
 			    == 0)) {
 		if (p != ustring1) {
-- 
cgit v0.12


From d679a49bc0da1e368daa6af07fcf72af2e3dceb4 Mon Sep 17 00:00:00 2001
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
Date: Thu, 13 Jan 2022 11:46:50 +0000
Subject: Fix [6cb3db4965]: pointer arithmetic using NULL in
 InitArgsAndLocals()

---
 generic/tclProc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/generic/tclProc.c b/generic/tclProc.c
index 642294c..7921d38 100644
--- a/generic/tclProc.c
+++ b/generic/tclProc.c
@@ -1428,7 +1428,6 @@ InitArgsAndLocals(
     numArgs = procPtr->numArgs;
     argCt = framePtr->objc - skip;	/* Set it to the number of args to the
 					 * procedure. */
-    argObjs = framePtr->objv + skip;
     if (numArgs == 0) {
 	if (argCt) {
 	    goto incorrectArgs;
@@ -1436,6 +1435,7 @@ InitArgsAndLocals(
 	    goto correctArgs;
 	}
     }
+    argObjs = framePtr->objv + skip;
     imax = ((argCt < numArgs-1) ? argCt : numArgs-1);
     for (i = 0; i < imax; i++, varPtr++, defPtr ? defPtr++ : defPtr) {
 	/*
-- 
cgit v0.12