From 4f3ba4b9d477365cac08bf7361c31778a497d9ad Mon Sep 17 00:00:00 2001
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
Date: Sun, 6 Mar 2022 15:49:31 +0000
Subject: Fix [112e7aa36d]: signed integer overflow in Tcl_SetObjLength(),
 Tcl_AttemptSetObjLength()

---
 generic/tclStringObj.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/generic/tclStringObj.c b/generic/tclStringObj.c
index 8f4bfb2..d1e709c 100644
--- a/generic/tclStringObj.c
+++ b/generic/tclStringObj.c
@@ -956,9 +956,9 @@ Tcl_SetObjLength(
 	     * Need to enlarge the buffer.
 	     */
 	    if (objPtr->bytes == tclEmptyStringRep) {
-		objPtr->bytes = (char *)ckalloc(length + 1);
+		objPtr->bytes = (char *)ckalloc((unsigned int)length + 1U);
 	    } else {
-		objPtr->bytes = (char *)ckrealloc(objPtr->bytes, length + 1);
+		objPtr->bytes = (char *)ckrealloc(objPtr->bytes, (unsigned int)length + 1U);
 	    }
 	    stringPtr->allocated = length;
 	}
@@ -1062,9 +1062,9 @@ Tcl_AttemptSetObjLength(
 	    char *newBytes;
 
 	    if (objPtr->bytes == tclEmptyStringRep) {
-		newBytes = (char *)attemptckalloc(length + 1);
+		newBytes = (char *)attemptckalloc((unsigned int)length + 1U);
 	    } else {
-		newBytes = (char *)attemptckrealloc(objPtr->bytes, length + 1);
+		newBytes = (char *)attemptckrealloc(objPtr->bytes, (unsigned int)length + 1U);
 	    }
 	    if (newBytes == NULL) {
 		return 0;
-- 
cgit v0.12