From f3edde2f64fa0a8ca5db52a25ae371832a9af65b Mon Sep 17 00:00:00 2001
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
Date: Thu, 16 Dec 2021 21:25:52 +0000
Subject: Fix [d1434179b5]: avoid signed integer overflow in
 AppendUtfToUtfRep()

---
 generic/tclStringObj.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/generic/tclStringObj.c b/generic/tclStringObj.c
index e30b9af..75b449d 100644
--- a/generic/tclStringObj.c
+++ b/generic/tclStringObj.c
@@ -1722,10 +1722,10 @@ AppendUtfToUtfRep(
 	objPtr->length = 0;
     }
     oldLength = objPtr->length;
-    newLength = numBytes + oldLength;
-    if (newLength < 0) {
+    if (numBytes > INT_MAX - oldLength) {
 	Tcl_Panic("max size for a Tcl value (%d bytes) exceeded", INT_MAX);
     }
+    newLength = numBytes + oldLength;
 
     stringPtr = GET_STRING(objPtr);
     if (newLength > stringPtr->allocated) {
-- 
cgit v0.12