Date: Fri, 4 Nov 2016 15:08:17 +0000 (UTC) From: Pietro Cerutti <gahr@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r425329 - in head/lang/tcl86: . files Message-ID: <201611041508.uA4F8H5V084767@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gahr Date: Fri Nov 4 15:08:17 2016 New Revision: 425329 URL: https://svnweb.freebsd.org/changeset/ports/425329 Log: lang/tcl86: fix integer overflow check and avoid segfault PR: 214205 Submitted by: gahr Added: head/lang/tcl86/files/patch-bug214205 (contents, props changed) Modified: head/lang/tcl86/Makefile Modified: head/lang/tcl86/Makefile ============================================================================== --- head/lang/tcl86/Makefile Fri Nov 4 15:04:47 2016 (r425328) +++ head/lang/tcl86/Makefile Fri Nov 4 15:08:17 2016 (r425329) @@ -3,7 +3,7 @@ PORTNAME= tcl PORTVERSION= 8.6.6 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= lang MASTER_SITES= SF/tcl/Tcl/${PORTVERSION} \ TCLTK/tcl8_6 Added: head/lang/tcl86/files/patch-bug214205 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/lang/tcl86/files/patch-bug214205 Fri Nov 4 15:08:17 2016 (r425329) @@ -0,0 +1,64 @@ +Index: generic/tclListObj.c +================================================================== +--- generic/tclListObj.c ++++ generic/tclListObj.c +@@ -853,12 +853,15 @@ + */ + count = numElems - first; + } + + if (objc > LIST_MAX - (numElems - count)) { +- Tcl_SetObjResult(interp, Tcl_ObjPrintf( +- "max length of a Tcl list (%d elements) exceeded", LIST_MAX)); ++ if (interp != NULL) { ++ Tcl_SetObjResult(interp, Tcl_ObjPrintf( ++ "max length of a Tcl list (%d elements) exceeded", ++ LIST_MAX)); ++ } + return TCL_ERROR; + } + isShared = (listRepPtr->refCount > 1); + numRequired = numElems - count + objc; /* Known <= LIST_MAX */ + + +Index: generic/tclListObj.c +================================================================== +--- generic/tclListObj.c ++++ generic/tclListObj.c +@@ -895,15 +895,12 @@ + if (first >= numElems) { + first = numElems; /* So we'll insert after last element. */ + } + if (count < 0) { + count = 0; +- } else if (numElems < first+count || first+count < 0) { +- /* +- * The 'first+count < 0' condition here guards agains integer +- * overflow in determining 'first+count'. +- */ ++ } else if (first > INT_MAX - count /* Handle integer overflow */ ++ || numElems < first+count) { + + count = numElems - first; + } + + if (objc > LIST_MAX - (numElems - count)) { + +Index: generic/tclEnsemble.c +================================================================== +--- generic/tclEnsemble.c ++++ generic/tclEnsemble.c +@@ -3133,11 +3133,11 @@ + /* + * The length of the "replaced" list must be depth-1. Trim back + * any extra elements that might have been appended by failing + * pathways above. + */ +- (void) Tcl_ListObjReplace(NULL, replaced, depth-1, INT_MAX, 0, NULL); ++ (void) Tcl_ListObjReplace(NULL, replaced, depth-1, LIST_MAX, 0, NULL); + + /* + * TODO: Reconsider whether we ought to call CompileToInvokedCommand() + * when depth==1. In that case we are choosing to emit the + * INST_INVOKE_REPLACE bytecode when there is in fact no replacing +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201611041508.uA4F8H5V084767>