From b3e2e15abbb587934622dc562ca7d0e4b7c0a64e Mon Sep 17 00:00:00 2001
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
Date: Fri, 10 Apr 2020 12:19:13 +0000
Subject: Since Tcl_UtfCharComplete() now guarantees that at least 3 more bytes
 are available for header bytes 0x80-0xBF, check those 3 bytes first in
 Tcl_UtfToUniChar() before doing other checks (that might point to
 uninitialized memory in non-confirming extensions)

---
 generic/tclUtf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/generic/tclUtf.c b/generic/tclUtf.c
index 410268d..12d764c 100644
--- a/generic/tclUtf.c
+++ b/generic/tclUtf.c
@@ -325,10 +325,10 @@ Tcl_UtfToUniChar(
 	 * bytes, then we must produce a follow-up low surrogate. We only
 	 * do that if the high surrogate matches the bits we encounter.
 	 */
-	if ((byte >= 0x80)
+	if (((byte & 0xC0) == 0x80)
+		&& ((src[1] & 0xC0) == 0x80) && ((src[2] & 0xC0) == 0x80)
 		&& (((((byte - 0x10) << 2) & 0xFC) | 0xD800) == (*chPtr & 0xFCFC))
-		&& ((src[1] & 0xF0) == (((*chPtr << 4) & 0x30) | 0x80))
-		&& ((src[2] & 0xC0) == 0x80)) {
+		&& ((src[1] & 0xF0) == (((*chPtr << 4) & 0x30) | 0x80))) {
 	    *chPtr = ((src[1] & 0x0F) << 6) + (src[2] & 0x3F) + 0xDC00;
 	    return 3;
 	}
-- 
cgit v0.12