From 9e5f0ade58641b9719e70838d98e562c867193dd Mon Sep 17 00:00:00 2001
From: dkf <donal.k.fellows@manchester.ac.uk>
Date: Wed, 3 Dec 2014 23:05:15 +0000
Subject: [0dca3bfa8f] Strengthen validity checks on fast-path string
 comparison.

---
 generic/tclExecute.c  | 8 +++++---
 tests/stringComp.test | 8 ++++++++
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/generic/tclExecute.c b/generic/tclExecute.c
index 337a75f..b9da8fc 100644
--- a/generic/tclExecute.c
+++ b/generic/tclExecute.c
@@ -5410,8 +5410,8 @@ TEBCresume(
 		s1 = (char *) Tcl_GetByteArrayFromObj(valuePtr, &s1len);
 		s2 = (char *) Tcl_GetByteArrayFromObj(value2Ptr, &s2len);
 		memCmpFn = memcmp;
-	    } else if (((valuePtr->typePtr == &tclStringType)
-		    && (value2Ptr->typePtr == &tclStringType))) {
+	    } else if ((valuePtr->typePtr == &tclStringType)
+		    && (value2Ptr->typePtr == &tclStringType)) {
 		/*
 		 * Do a unicode-specific comparison if both of the args are of
 		 * String type. If the char length == byte length, we can do a
@@ -5422,7 +5422,9 @@ TEBCresume(
 		s1len = Tcl_GetCharLength(valuePtr);
 		s2len = Tcl_GetCharLength(value2Ptr);
 		if ((s1len == valuePtr->length)
-			&& (s2len == value2Ptr->length)) {
+			&& (valuePtr->bytes != NULL)
+			&& (s2len == value2Ptr->length)
+			&& (value2Ptr->bytes != NULL)) {
 		    s1 = valuePtr->bytes;
 		    s2 = value2Ptr->bytes;
 		    memCmpFn = memcmp;
diff --git a/tests/stringComp.test b/tests/stringComp.test
index f9f6bda..a66525e 100644
--- a/tests/stringComp.test
+++ b/tests/stringComp.test
@@ -720,6 +720,14 @@ test stringComp-14.2 {Bug 82e7f67325} memory {
 	}} {a b}
     }
 } {0}
+test stringComp-14.3 {Bug 0dca3bfa8f} {
+    apply {arg {
+	set argCopy $arg
+	set arg [string replace $arg 1 2 aa]
+	# Crashes in comparison before fix
+	expr {$arg ne $argCopy}
+    }} abcde
+} 1
 
 ## string tolower
 ## not yet bc
-- 
cgit v0.12