Tcl Source Code

Ticket UUID: b6afa337376342ff91953f200db89ff4ff4f5fe6
Title: signed integer overflow in TclInitStringRep() macro
Type: Patch
Version: core-8-6-branch
Submitter: chrstphrchvz
Created on: 2022-02-19 13:49:20
Subsystem: 10. Objects
Assigned To: jan.nijtmans
Priority: 5 Medium
Severity: Minor
Status: Closed
Last Modified: 2022-03-08 15:18:30
Resolution: Fixed
Closed By: jan.nijtmans
Closed on: 2022-03-08 15:18:30
Description:

Example script and corresponding output with UBSan error (-fsanitize=signed-integer-overflow, excludes any previously reported errors):

proc p {} {
    set a [string repeat [string repeat a 1023] 1049601]
    set a2 [string cat a $a $a]
    return [string toupper $a2]
}
set x [p]

tcl/generic/tclExecute.c:5520:6: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
(tclsh eventually exited normally)

Can be prevented with the same approach used in [a03e9793d4]; see attached patch.
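
Added example (not code from the Tcl source or from the attached patch): the script above builds a string of exactly 2147483647 bytes, so adding 1 for the terminating NUL in `int` arithmetic overflows. The C sketch below reproduces that arithmetic and shows one way to size the allocation without signed arithmetic; the `StrRep` struct and all function names are hypothetical, and it is an assumption that the referenced check-ins take a similar approach.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an object whose string length is an int. */
typedef struct { char *bytes; int length; } StrRep;

/* Byte length of $a2 in the ticket's script, computed in 64 bits. */
long long script_length(void) {
    long long a = 1023LL * 1049601LL;  /* string repeat, twice */
    return 1 + 2 * a;                  /* string cat a $a $a   */
}

/* 1 if "len + 1" evaluated in int would overflow (the UBSan finding). */
int nul_add_overflows(int len) {
    return len > INT_MAX - 1;
}

/* Bytes needed for len characters plus the NUL; 0 means invalid length.
 * The cast happens before the addition, so no signed arithmetic occurs. */
size_t alloc_size_for(int len) {
    if (len < 0) return 0;
    return (size_t)len + 1u;
}

/* Copy len bytes of src into rep and NUL-terminate; -1 on failure. */
int init_string_rep(StrRep *rep, const char *src, int len) {
    size_t n = alloc_size_for(len);
    if (n == 0) return -1;
    rep->bytes = malloc(n);
    if (rep->bytes == NULL) return -1;
    if (len > 0) memcpy(rep->bytes, src, (size_t)len);
    rep->bytes[len] = '\0';
    rep->length = len;
    return 0;
}
```
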

User Comments: jan.nijtmans added on 2022-03-08 15:18:30:

Fixed [a314f4ea6233c15d|here]. Thanks!


Attachments: