Overview
| Artifact ID: | 1bd98c743c1f5d8e442bee8ecb3e6d87d2a30be0 |
|---|---|
| Ticket: | 272e866f1ec0af1927a7899a81b1c58395832096
Uncontrolled overflow in ReadBytes() |
| User & Date: | gustafn 2013-11-12 19:05:42 |
Changes
- assignee changed to: "nobody"
- closer changed to: "nobody"
- cmimetype changed to: "text/plain"
- comment changed to:
When reading a file with e.g. 1.1 GB via set content [read $f] Tcl crashes due to the doubling policy of reallocs on machines where sizeof(int) == 32 (which is as well the case on 64 bit Linux). Due to doubling the length of the buffer, the length variable of type "int" becomes negative on values larger than 1GB. While one can discuss the usefulness of reading large files into memory, the situation can be improved quite easily by limiting the doubling policy to 2GB (actually INT_MAX). The problem happened in a Tcl-based zip-file generator, when the size of a single file is larger than 1.x GB. A sample patch is available (I assume i can attach the patch after writing the ticket). Most probably there are more places in Tcl, where a similar patch might be useful.
- foundin changed to: "8.5.15"
- is_private changed to: "0"
- login: "gustafn"
- priority changed to: "5 Medium"
- private_contact changed to: "d0ad4471e07e8c03bf0d90786ec6d31e33bcf241"
- resolution changed to: "None"
- severity changed to: "Severe"
- status changed to: "Open"
- submitter changed to: "gustafn"
- subsystem changed to: "25. Channel System"
- title changed to: "Crash when reading a file of e.g 1.1 GB"
- type changed to: "Bug"