From 6f2284ab12177714d29ad979fa1f1420e61f836b Mon Sep 17 00:00:00 2001
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
Date: Fri, 7 Oct 2022 10:18:33 +0000
Subject: Follow-up to [1599352cca]: Tcl_Merge(): out-of-bounds write, more
 signed integer overflow. Better panic message when argc < 0.

---
 generic/tclUtil.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/generic/tclUtil.c b/generic/tclUtil.c
index cacd23e..a8bf795 100644
--- a/generic/tclUtil.c
+++ b/generic/tclUtil.c
@@ -1577,7 +1577,10 @@ Tcl_Merge(
      * simpler.
      */
 
-    if (argc == 0) {
+    if (argc <= 0) {
+	if (argc < 0) {
+	    Tcl_Panic("Tcl_Merge called with negative argc (%d)", argc);
+	}
 	result = (char *)ckalloc(1);
 	result[0] = '\0';
 	return result;
-- 
cgit v0.12