packages/tcl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
tcl/closes-d051b77fc18d7340-fixed-segfault-by-integer-ov.patch
overweight fe90c77fc4 Package init
2019-09-30 11:18:08 -04:00

30 lines
854 B
Diff
Raw Blame History

From 20c0ed50e35e6075f82eb87fdeb7a13e522b710a Mon Sep 17 00:00:00 2001
From: sebres <sebres@users.sourceforge.net>
Date: Thu, 26 Jul 2018 15:57:38 +0000
Subject: [PATCH 1329/1800] closes [d051b77fc18d7340]: fixed segfault by
integer overflow (if width by format like "%4000000000g" overflows to
negative values by scan of length)
---
generic/tclStringObj.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/generic/tclStringObj.c b/generic/tclStringObj.c
index 996be77ee..462ef0424 100644
--- a/generic/tclStringObj.c
+++ b/generic/tclStringObj.c
@@ -1938,6 +1938,10 @@ Tcl_AppendFormatToObj(
width = 0;
if (isdigit(UCHAR(ch))) {
width = strtoul(format, &end, 10);
+ if (width < 0) {
+ msg = overflow;
+ goto errorMsg;
+ }
format = end;
step = TclUtfToUniChar(format, &ch);
} else if (ch == '*') {
--
2.19.1
Reference in New Issue View Git Blame Copy Permalink