From 9c28f4fc5f89366f31d58cf585b33aff028ea5d6 Mon Sep 17 00:00:00 2001
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
Date: Tue, 8 Mar 2022 15:10:57 +0000
Subject: Fix [b6afa33737]: signed integer overflow in TclInitStringRep() macro

---
 generic/tclInt.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/generic/tclInt.h b/generic/tclInt.h
index 1954a13..89ce8f0 100644
--- a/generic/tclInt.h
+++ b/generic/tclInt.h
@@ -4316,7 +4316,7 @@ MODULE_SCOPE void	TclDbInitNewObj(Tcl_Obj *objPtr, const char *file,
 	(objPtr)->bytes	 = tclEmptyStringRep; \
 	(objPtr)->length = 0; \
     } else { \
-	(objPtr)->bytes = (char *) ckalloc((len) + 1); \
+	(objPtr)->bytes = (char *) ckalloc((unsigned int)(len) + 1U); \
 	memcpy((objPtr)->bytes, (bytePtr), (len)); \
 	(objPtr)->bytes[len] = '\0'; \
 	(objPtr)->length = (len); \
-- 
cgit v0.12


From aaead6c7ae251886735590603d20616cc63a497f Mon Sep 17 00:00:00 2001
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
Date: Tue, 8 Mar 2022 15:21:25 +0000
Subject: Fix [1c7f179710]: undefined behavior for INST_LSHIFT in
 ExecuteExtendedBinaryMathOp()

---
 generic/tclExecute.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/generic/tclExecute.c b/generic/tclExecute.c
index b96eab4..a26aae1 100644
--- a/generic/tclExecute.c
+++ b/generic/tclExecute.c
@@ -8661,9 +8661,9 @@ ExecuteExtendedBinaryMathOp(
 		    && ((size_t)shift < CHAR_BIT*sizeof(Tcl_WideInt))) {
 		TclGetWideIntFromObj(NULL, valuePtr, &w1);
 		if (!((w1>0 ? w1 : ~w1)
-			& -(((Tcl_WideInt)1)
+			& -(((Tcl_WideUInt)1)
 			<< (CHAR_BIT*sizeof(Tcl_WideInt) - 1 - shift)))) {
-		    WIDE_RESULT(w1 << shift);
+		    WIDE_RESULT((Tcl_WideUInt)w1 << shift);
 		}
 	    }
 	} else {
-- 
cgit v0.12


From 94033c98698f9311df88190fad45f190b4b829a8 Mon Sep 17 00:00:00 2001
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
Date: Tue, 8 Mar 2022 15:23:16 +0000
Subject: Fix [9c7557160]: signed integer overflow in UpdateStringOfByteArray()

---
 generic/tclBinary.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/generic/tclBinary.c b/generic/tclBinary.c
index fdb7f59..1c97728 100644
--- a/generic/tclBinary.c
+++ b/generic/tclBinary.c
@@ -565,14 +565,14 @@ UpdateStringOfByteArray(
     size = length;
     for (i = 0; i < length && size >= 0; i++) {
 	if ((src[i] == 0) || (src[i] > 127)) {
-	    size++;
+	    size = (int)((unsigned int)size + 1U);
 	}
     }
     if (size < 0) {
 	Tcl_Panic("max size for a Tcl value (%d bytes) exceeded", INT_MAX);
     }
 
-    dst = (char *)ckalloc(size + 1);
+    dst = (char *)ckalloc((unsigned int)size + 1U);
     objPtr->bytes = dst;
     objPtr->length = size;
 
-- 
cgit v0.12