From 401efde7b4d67a1ca4b84373795ec67ccd785306 Mon Sep 17 00:00:00 2001 From: Kevin B Kenny Date: Mon, 23 Apr 2007 17:34:05 +0000 Subject: * generic/tclEnv.c (ReplaceString): Clear memory correctly when growing the cache to avoid reads of uninitialised data. * generic/tclStrToD.c (AccumulateDecimalDigit): Fixed a mistake where we'd run beyond the end of the 'pow10_wide' array if a number begins with a string of more than 'maxpow10_wide' zeroes. Both these issues reported under [Bug 1705778] - detected with the existing test suite, no new regression tests required. --- ChangeLog | 10 ++++++++++ generic/tclEnv.c | 5 +++-- generic/tclStrToD.c | 48 +++++++++++++++++++++++++++++------------------- 3 files changed, 42 insertions(+), 21 deletions(-) diff --git a/ChangeLog b/ChangeLog index 34a0c00..0830cc4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2007-04-23 Kevin B. Kenny + + * generic/tclEnv.c (ReplaceString): Clear memory correctly when + growing the cache to avoid reads of uninitialised data. + * generic/tclStrToD.c (AccumulateDecimalDigit): Fixed a mistake + where we'd run beyond the end of the 'pow10_wide' array if + a number begins with a string of more than 'maxpow10_wide' zeroes. + Both these issues reported under [Bug 1705778] - detected with + the existing test suite, no new regression tests required. + 2007-04-22 Miguel Sofer * generic/tclVar.c (TclDeleteNamespaceVars): fixed access to freed diff --git a/generic/tclEnv.c b/generic/tclEnv.c index 596e68b..30bce65 100644 --- a/generic/tclEnv.c +++ b/generic/tclEnv.c @@ -12,7 +12,7 @@ * See the file "license.terms" for information on usage and redistribution of * this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tclEnv.c,v 1.32 2007/04/10 14:47:13 dkf Exp $ + * RCS: @(#) $Id: tclEnv.c,v 1.33 2007/04/23 17:34:06 kennykb Exp $ */ #include "tclInt.h" @@ -677,7 +677,8 @@ ReplaceString( environCache = (char **) ckrealloc ((char *) environCache, (cacheSize + growth) * sizeof(char *)); environCache[cacheSize] = newStr; - (void) memset(environCache+cacheSize+1, (int) 0, (size_t) (growth - 1)); + (void) memset(environCache+cacheSize+1, (int) 0, + (size_t) ((growth-1) * sizeof(char*))); cacheSize += growth; } } diff --git a/generic/tclStrToD.c b/generic/tclStrToD.c index afcf7eb..dc19855 100755 --- a/generic/tclStrToD.c +++ b/generic/tclStrToD.c @@ -14,7 +14,7 @@ * See the file "license.terms" for information on usage and redistribution of * this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tclStrToD.c,v 1.29 2007/04/16 13:36:35 dkf Exp $ + * RCS: @(#) $Id: tclStrToD.c,v 1.30 2007/04/23 17:34:07 kennykb Exp $ * *---------------------------------------------------------------------- */ @@ -1182,32 +1182,42 @@ AccumulateDecimalDigit( * to this digit. */ { int i, n; + Tcl_WideUInt w; /* - * Check if the number still fits in a wide. + * Try wide multiplication first */ - if (!bignumFlag && *wideRepPtr!=0 && ((numZeros >= maxpow10_wide) || - *wideRepPtr > ((~(Tcl_WideUInt)0)-digit)/pow10_wide[numZeros+1])) { - /* - * Oops, it's overflowed, have to allocate a bignum. - */ - - TclBNInitBignumFromWideUInt (bignumRepPtr, *wideRepPtr); - bignumFlag = 1; + if (!bignumFlag) { + w = *wideRepPtr; + if (w == 0) { + /* + * There's no need to multiply if the multiplicand is zero. + */ + *wideRepPtr = digit; + return 0; + } else if (numZeros >= maxpow10_wide + || w > ((~(Tcl_WideUInt)0)-digit)/pow10_wide[numZeros+1]) { + /* + * Wide multiplication will overflow. Expand the + * number to a bignum and fall through into the bignum case. + */ + + TclBNInitBignumFromWideUInt (bignumRepPtr, w); + } else { + /* + * Wide multiplication. + */ + *wideRepPtr = w * pow10_wide[numZeros+1] + digit; + return 0; + } } /* - * Multiply the number by 10**numZeros+1 and add in the new digit. + * Bignum multiplication. */ - if (!bignumFlag) { - /* - * Wide multiplication. - */ - - *wideRepPtr = *wideRepPtr * pow10_wide[numZeros+1] + digit; - } else if (numZeros < log10_DIGIT_MAX) { + if (numZeros < log10_DIGIT_MAX) { /* * Up to about 8 zeros - single digit multiplication. */ @@ -1240,7 +1250,7 @@ AccumulateDecimalDigit( mp_add_d(bignumRepPtr, (mp_digit) digit, bignumRepPtr); } - return bignumFlag; + return 1; } /* -- cgit v0.12