From 22f59c102a2c3880b0e8aa0b3cae623411e84b2f Mon Sep 17 00:00:00 2001
From: apnadkarni
Date: Tue, 5 Sep 2023 05:48:57 +0000
Subject: Fix [b5ac3e3786] - Tcl_GetUniChar oob read
---
 generic/tclStringObj.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/generic/tclStringObj.c b/generic/tclStringObj.c
index b1046b1..975b991 100644
--- a/generic/tclStringObj.c
+++ b/generic/tclStringObj.c
@@ -575,6 +575,9 @@ Tcl_GetUniChar(
 if (stringPtr->numChars == -1) {
 TclNumUtfChars(stringPtr->numChars, objPtr->bytes, objPtr->length);
 }
+ if (index >= stringPtr->numChars) {
+ return 0xFFFD;
+ }
 if (stringPtr->numChars == objPtr->length) {
 return (unsigned char) objPtr->bytes[index];
 }
@@ -631,7 +634,11 @@ TclGetUCS4(
 if (stringPtr->numChars == -1) {
 TclNumUtfChars(stringPtr->numChars, objPtr->bytes, objPtr->length);
 }
+ if (index >= stringPtr->numChars) {
+ return -1;
+ }
 if (stringPtr->numChars == objPtr->length) {
+ /* Pure ascii, can directly index bytes */
 return (unsigned char) objPtr->bytes[index];
 }
 FillUnicodeRep(objPtr);
-- cgit v0.12
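Review bot: The added guard `if (index >= stringPtr->numChars)` bounds `index` only from above, so the fast path `objPtr->bytes[index]` just below it still relies on something else rejecting a negative `index`. The parameter's type and the start of Tcl_GetUniChar are outside the hunk, so this may already be handled earlier; if it is not, the guard should read `if (index < 0 || index >= stringPtr->numChars) {`. The same applies to the identical guard added in the TclGetUCS4 hunk. The diffstat lists only generic/tclStringObj.c, so a regression test that indexes past the end of a pure-ASCII string would be worth adding alongside the fix.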
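Review bot: The two new guards return different sentinels for the same out-of-range condition, `-1` here and `0xFFFD` in Tcl_GetUniChar, and neither says why. If that difference is the intended contract of each function (the rest of both bodies is outside the hunks), a one-line comment on each guard would keep a later reader from changing one to match the other, e.g. `/* index past end: TclGetUCS4 reports -1, not U+FFFD */`. The comment `/* Pure ascii, can directly index bytes */` is also added only here; the identical fast path in Tcl_GetUniChar would benefit from the same line.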