From ff9b3b8ec7d147ac0092284c95bc1c804a9bb207 Mon Sep 17 00:00:00 2001 From: dgp Date: Tue, 7 Feb 2012 20:28:56 +0000 Subject: 3484402 Correct Off-By-One error appending unicode. Thanks to Poor Yorick. Also converted some memcpy() to memmove() to reliably handle overlapping copies, and corrected test for when growth is needed. --- generic/tclStringObj.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/generic/tclStringObj.c b/generic/tclStringObj.c index b5b3674..e8aee4b 100644 --- a/generic/tclStringObj.c +++ b/generic/tclStringObj.c @@ -1308,7 +1308,7 @@ AppendUnicodeToUnicodeRep(objPtr, unicode, appendNumChars) numChars = stringPtr->numChars + appendNumChars; stringCheckLimits(numChars); - if (STRING_UALLOC(numChars) >= stringPtr->uallocated) { + if (STRING_UALLOC(numChars) > stringPtr->uallocated) { /* * Protect against case where unicode points into the existing * stringPtr->unicode array. Force it to follow any relocations @@ -1316,7 +1316,7 @@ AppendUnicodeToUnicodeRep(objPtr, unicode, appendNumChars) */ int offset = -1; if (unicode >= stringPtr->unicode && unicode <= stringPtr->unicode - + 1 + stringPtr->uallocated / sizeof(Tcl_UniChar)) { + + stringPtr->uallocated / sizeof(Tcl_UniChar)) { offset = unicode - stringPtr->unicode; } @@ -1334,7 +1334,7 @@ AppendUnicodeToUnicodeRep(objPtr, unicode, appendNumChars) * trailing null. */ - memcpy((VOID*) (stringPtr->unicode + stringPtr->numChars), unicode, + memmove((VOID*) (stringPtr->unicode + stringPtr->numChars), unicode, appendNumChars * sizeof(Tcl_UniChar)); stringPtr->unicode[numChars] = 0; stringPtr->numChars = numChars; @@ -1514,7 +1514,7 @@ AppendUtfToUtfRep(objPtr, bytes, numBytes) stringPtr->numChars = -1; stringPtr->hasUnicode = 0; - memcpy((VOID *) (objPtr->bytes + oldLength), (VOID *) bytes, + memmove((VOID *) (objPtr->bytes + oldLength), (VOID *) bytes, (size_t) numBytes); objPtr->bytes[newLength] = 0; objPtr->length = newLength; -- cgit v0.12