#1981 Tcl_Parse* ignore length argument

obsolete: 8.4b2
closed-fixed
5
2002-08-05
2002-07-19
Don Porter
No

In the tcltest executable, try:

testparsevarname {$a(f_} 4 0

This should try to parse the first 4
characters of the string as a
variable name. It should return
an error message "missing )"
because the first 4 characters
so not spell out a legal variable
name.

However, unless the caller has
replaced _ with \0, Tcl_ParseVarName
is quite happy to go marching
through memory looking for that
close paren.

Discussion

  • Don Porter

    Don Porter - 2002-07-19
    • summary: Tcl_ParseVarName ignores length --> Tcl_Parse* ignore length argument
     
  • Don Porter

    Don Porter - 2002-07-19

    Logged In: YES
    user_id=80530

    Tcl_ParseQuotedString has a similar
    problem, although there's no special
    command in tcltest for testing it.
    Imagine there was and try:

    testparsequotedstring {"a_} 2 0

    It will also escape into memory
    beyond length.

    These both boil down to an
    assumption by ParseTokens
    that *(parsePtr->end) is a NUL
    byte. Either all callers of ParseTokens
    need to verify that is true, or ParseTokens
    should set that up itself, or (yuk!) the
    terminating NUL requirement would
    have to be documented and depend
    on callers to do it.

     
  • Don Porter

    Don Porter - 2002-07-19

    Logged In: YES
    user_id=80530

    Tcl_ParseBraces has similar trouble.
    Imagine the test command:

    testparsebraces "\{a\\\n\t\t foo bar}" 3 0

    T_PB should examine the 3 characters
    { a \ and return the error "missing close-brace".
    Instead it gets caught up trying to do
    backslash substitution, and scans all the
    way to the close-brace. It would keep
    going through all memory until it found
    one.

    Fixes: 1) Document T_PB as requiring
    NUL-terminated string (YUK!); or
    2) Have T_PB set the NUL it needs
    on entry, and restore on exit; or
    3) Have T_PB call a different form of
    Tcl_UtfBackslash that can properly
    operate on counted strings.

     
  • Don Porter

    Don Porter - 2002-07-19
    • assigned_to: msofer --> jenglish
     
  • Don Porter

    Don Porter - 2002-07-24

    Logged In: YES
    user_id=80530

    Adopting Patch 585105 is one way to
    fix these bugs.

     
  • Don Porter

    Don Porter - 2002-08-05

    Logged In: YES
    user_id=80530

    fixed by acceptance of 585105

     
  • Don Porter

    Don Porter - 2002-08-05
    • assigned_to: jenglish --> dgp
    • status: open --> closed-fixed
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks