From cc86f6e11e85d0a01675ec31e3677ad2e63cddc4 Mon Sep 17 00:00:00 2001
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
Date: Tue, 5 May 2020 13:23:17 +0000
Subject: Add 4 test-cases that could fool Tcl_UtfPrev (but ... actually they
 don't). Make sure that Tcl_UtfPrev() never reads more than 3 trail bytes (or
 4 when TCL_UTF_MAX > 4). Those are the same limits as for Tcl_UtfNext() and
 Tcl_UtfToUniChar()

---
 generic/tclUtf.c |  2 +-
 tests/utf.test   | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/generic/tclUtf.c b/generic/tclUtf.c
index ac87978..2439a54 100644
--- a/generic/tclUtf.c
+++ b/generic/tclUtf.c
@@ -855,7 +855,7 @@ Tcl_UtfPrev(
 
 	/* Continue the search backwards... */
 	look--;
-    } while (trailBytesSeen < TCL_UTF_MAX);
+    } while (trailBytesSeen < ((TCL_UTF_MAX > 3) ? 4 : 3));
 
     /*
      * We've seen TCL_UTF_MAX trail bytes, so we know there will not be a
diff --git a/tests/utf.test b/tests/utf.test
index e8fa603..ffe7896 100644
--- a/tests/utf.test
+++ b/tests/utf.test
@@ -968,6 +968,18 @@ test utf-7.49.5 {Tcl_UtfPrev, validity check [493dccc2de]} {testutfprev fullutf}
 test utf-7.49.6 {Tcl_UtfPrev, validity check [493dccc2de]} testutfprev {
     testutfprev A\xF4\x90\x80\x80 2
 } 1
+test utf-7.50.0 {Tcl_UtfPrev, 4-byte valid sequence with additional trail} {testutfprev ucs2} {
+    testutfprev \xF2\xA0\xA0\xA0\xA0
+} 2
+test utf-7.50.1 {Tcl_UtfPrev, 4-byte valid sequence with additional trail} {testutfprev fullutf} {
+    testutfprev \xF2\xA0\xA0\xA0\xA0
+} 4
+test utf-7.51.0 {Tcl_UtfPrev, 4-byte valid sequence with additional trail} {testutfprev ucs2} {
+    testutfprev \xF2\x80\x80\x80\x80
+} 2
+test utf-7.51.1 {Tcl_UtfPrev, 4-byte valid sequence with additional trail} {testutfprev fullutf} {
+    testutfprev \xF2\x80\x80\x80\x80
+} 4
 
 test utf-8.1 {Tcl_UniCharAtIndex: index = 0} {
     string index abcd 0
-- 
cgit v0.12