Tcl / Read-Only Bugs / #1811 Buffer overrun in TclCompileTokens()

#1811 Buffer overrun in TclCompileTokens()

Milestone: obsolete: 8.4a5

Status: closed-fixed

Owner: Donal K. Fellows

Labels: 47. Bytecode Compiler (220)

Priority: 5

Updated: 2002-03-15

Created: 2002-03-15

Creator: Anonymous

Private: No

Bug found in Tcl 8.4a4, but also in 8.3.

Reproductible script:

proc bug {} {
puts $array([expr {a+2}])
}

In generic/tclCompile.c, function TclCompileTokens(),
line 1242:

sprintf(buffer,
"\n (parsing index for array \&quot;%.*s\&quot;)",
((nameBytes > 100)? 100 : nameBytes), name);

but buffer is large enough to contains TCL_UTF_MAX :(.

Discussion

Donal K. Fellows - 2002-03-15

milestone: --> obsolete: 8.4a5

assigned_to: msofer --> dkf

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

miguel sofer - 2002-03-15

Logged In: YES
user_id=148712

Donal fixed it in 8.4; I just patched core-8-3-1-branch.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: