From 67319477f132908fc3f5241bece926457d7d4a5e Mon Sep 17 00:00:00 2001
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
Date: Tue, 1 Nov 2022 17:02:02 +0000
Subject: Bug-fix for TIP #502 implementation: Two missing out-of-bound
 situations in TclIndexEncode(), one for index > MAX_INT, one for index <
 end-MAX_INT

---
 generic/tclUtil.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/generic/tclUtil.c b/generic/tclUtil.c
index ab97461..4b9c120 100644
--- a/generic/tclUtil.c
+++ b/generic/tclUtil.c
@@ -4068,7 +4068,11 @@ TclIndexEncode(
 	 * We parsed an end+offset index value.
 	 * wide holds the offset value in the range WIDE_MIN...WIDE_MAX.
 	 */
-	if (wide > (unsigned)(irPtr ? TCL_INDEX_END : INT_MAX)) {
+	if (!irPtr && (wide > INT_MAX)) {
+	    return TCL_ERROR;
+	} else if (irPtr && (wide < INT_MIN)) {
+	    return TCL_ERROR;
+	} else if (wide > (unsigned)(irPtr ? TCL_INDEX_END : INT_MAX)) {
 	    /*
 	     * All end+postive or end-negative expressions
 	     * always indicate "after the end".
-- 
cgit v0.12