From 965e4bbab2201076c8c2bc6ae5baca705ab889b0 Mon Sep 17 00:00:00 2001
From: dgp
Date: Wed, 13 Jul 2011 17:53:58 +0000
Subject: 3366265 Buffer allocated one byte too small caused overrun.
---
 ChangeLog | 7 +++++++
 generic/tclProc.c | 2 +-
 tests/indexObj.test | 5 +++++
 tests/proc.test | 5 +++++
 4 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 2865933..2a31c51 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2011-07-13 Don Porter
+
+ * generic/tclProc.c: [Bug 3366265] Buffer for storing the command
+ * tests/indexObj.test: name formatted as a list element is allocated
+ * tests/proc.test: one byte too small, causing buffer overflow
+ when the proc with the empty name raises a "wrong num args" error.
+
 2011-07-03 Donal K. Fellows
 * doc/FileSystem.3: Corrected statements about ctime field of 'struct
diff --git a/generic/tclProc.c b/generic/tclProc.c
index be35bab..abfd152 100644
--- a/generic/tclProc.c
+++ b/generic/tclProc.c
@@ -1155,7 +1155,7 @@ TclObjInterpProc(clientData, interp, objc, objv)
 len = Tcl_ScanCountedElement(procName, nameLen, &flags);
 if (len != nameLen) {
- char *procName1 = ckalloc((unsigned) len);
+ char *procName1 = ckalloc((unsigned) len + 1);
 len = Tcl_ConvertCountedElement(procName, nameLen, procName1, flags);
 Tcl_AppendToObj(objResult, procName1, len);
 ckfree(procName1);
diff --git a/tests/indexObj.test b/tests/indexObj.test
index 6dd66b6..414901f 100644
--- a/tests/indexObj.test
+++ b/tests/indexObj.test
@@ -108,6 +108,11 @@ test indexObj-5.5 {Tcl_WrongNumArgs} {
 test indexObj-5.6 {Tcl_WrongNumArgs} {
 testwrongnumargs 2 "" mycmd foo
 } "wrong # args: should be \"mycmd foo\""
+# Contrast this with test proc-3.6; they have to be like this because
+# of [Bug 1066837] so Itcl won't break.
+test indexObj-5.7 {Tcl_WrongNumArgs} testindexobj {
+ testwrongnumargs 2 "fee fi" "fo fum" foo bar
+} "wrong # args: should be \"fo fum foo fee fi\""
 test indexObj-6.1 {Tcl_GetIndexFromObjStruct} {
 set x a
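Review bot: The `+ 1` in `ckalloc((unsigned) len + 1)` has no comment tying it to the sizing contract, so a later cleanup could easily reintroduce the one-byte-short allocation. Tcl_ScanCountedElement reports the element length without a terminator, while Tcl_ConvertCountedElement also stores a trailing NUL, which is how the empty proc name named in the ChangeLog entry wrote past the heap buffer. I would add `/* +1: Tcl_ConvertCountedElement also writes a terminating NUL */` above the allocation. Other callers that size a buffer from Tcl_ScanCountedElement are not visible here and would be worth checking for the same pattern. TclObjInterpProc's body starts and ends outside the hunk.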
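Review bot: The new test indexObj-5.7 is gated on a `testindexobj` constraint although its body calls `testwrongnumargs`, and the neighbouring 5.5 and 5.6 tests carry no constraint at all. If this file does not define that constraint (not visible in the hunk), tcltest treats it as unsatisfied and silently skips the test. Either drop the constraint to match 5.6, `test indexObj-5.7 {Tcl_WrongNumArgs} {`, or confirm that a `testConstraint testindexobj ...` definition exists earlier in the file. The added comment cites Bug 1066837 rather than 3366265, so a short remark on how this case relates to the overrun would help.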
diff --git a/tests/proc.test b/tests/proc.test
index 4e28554..8974663 100644
--- a/tests/proc.test
+++ b/tests/proc.test
@@ -171,6 +171,11 @@ test proc-3.6 {TclObjInterpProc, proper quoting of proc name, Bug 942757} {
 list [catch {{a b c}} msg] $msg
 } {1 {wrong # args: should be "{a b c} x"}}
+test proc-3.7 {TclObjInterpProc, wrong num args, Bug 3366265} {
+ proc {} {x} {}
+ list [catch {{}} msg] $msg
+} {1 {wrong # args: should be "{} x"}}
+
 catch {eval namespace delete [namespace children :: test_ns_*]}
 catch {rename p ""}
 catch {rename {} ""}
--
cgit v0.12
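Review bot: proc-3.7 only compares the error message, so a one-byte heap overrun would most likely still pass on an ordinary build. The regression is probably caught only when the suite runs under a memory-checking build or tool. A comment saying so would keep the test from being read as a message-format check, e.g. `# Bug 3366265: one-byte overrun; only detectable with memory debugging enabled`.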