From 9d568b1bdd58e6080af0bf086cc040a63ce4f549 Mon Sep 17 00:00:00 2001
From: sebres <sebres@users.sourceforge.net>
Date: Tue, 5 Feb 2019 21:59:46 +0000
Subject: fixes segfault [bd94500678]: Tcl_UtfToUniChar/TclUtfToUniChar could
 don't advance source pointer in case it produce high surrogate, so it should
 be repeated with the same value of ch (returned previously), in order to
 generate low surrogate hereafter (and to avoid endless cycle).

---
 generic/tclBinary.c | 2 +-
 tests/binary.test   | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/generic/tclBinary.c b/generic/tclBinary.c
index 5b26b2f..e912c1f 100644
--- a/generic/tclBinary.c
+++ b/generic/tclBinary.c
@@ -549,6 +549,7 @@ SetByteArrayFromAny(
     int improper = 0;
     const char *src, *srcEnd;
     unsigned char *dst;
+    Tcl_UniChar ch = 0;
     ByteArray *byteArrayPtr;
     Tcl_ObjIntRep ir;
 
@@ -565,7 +566,6 @@ SetByteArrayFromAny(
 
     byteArrayPtr = ckalloc(BYTEARRAY_SIZE(length));
     for (dst = byteArrayPtr->bytes; src < srcEnd; ) {
-	Tcl_UniChar ch = 0;
 	src += TclUtfToUniChar(src, &ch);
 	improper = improper || (ch > 255);
 	*dst++ = UCHAR(ch);
diff --git a/tests/binary.test b/tests/binary.test
index 7dc60ff..aede659 100644
--- a/tests/binary.test
+++ b/tests/binary.test
@@ -2911,6 +2911,12 @@ test binary-77.2 {string cat ops on all bytearrays} {
     }} ab cd
 } [binary format H* abcd]
 
+test binary-78.1 {unicode (out of BMP) to byte-array conversion, bug-[bd94500678]} -body {
+    # just test for BO-segfault (high surrogate w/o advance source pointer for out of BMP char if TCL_UTF_MAX <= 4):
+    binary encode hex \U0001f415
+    binary scan \U0001f415 a* v; set v
+    set str {}
+} -result {}
 
 # ----------------------------------------------------------------------
 # cleanup
-- 
cgit v0.12