Tcl Source Code: View Ticket

Ticket UUID:	e32a44e2e49e5fe3a21162db2b2dd915ba8589d5
Title:	Tcl_Merge(): signed integer overflow
Type:	Patch	Version:	core-8-6-branch
Submitter:	chrstphrchvz	Created on:	2022-10-02 11:26:50
Subsystem:	14. List Object	Assigned To:	jan.nijtmans
Priority:	5 Medium	Severity:	Minor
Status:	Closed	Last Modified:	2022-10-06 10:23:32
Resolution:	Fixed	Closed By:	jan.nijtmans
		Closed on:	2022-10-06 10:23:32
Description:	Example script (not much usage of `Tcl_Merge()` in core Tcl): set 1k_spaces [string repeat { } [::tcl::mathop::<< 1 10]] set 1M_spaces [string repeat $1k_spaces [::tcl::mathop::<< 1 10]] set 1G_spaces [string repeat $1M_spaces [::tcl::mathop::<< 1 10]] testpanic $1G_spaces $1G_spaces Output containing UBSan error, which the attached patch avoids: $ ./tcltest script.tcl (some time passes) tcl/generic/tclUtil.c:1596:14: runtime error: signed integer overflow: 1073741826 + 1073741826 cannot be represented in type 'int' max size for a Tcl value (2147483647 bytes) exceeded (tcltest aborts, though before `TestpanicCmd()` can directly call `Tcl_Panic()`.)
User Comments:	jan.nijtmans added on 2022-10-06 10:23:32: Should be fixed [0e2b23ff845b1e1b\|here]

Attachments:

e32a44e2e49e.diff [download] added by chrstphrchvz on 2022-10-02 11:28:30. [details]