SourceForge has been redesigned. Learn more.
Close

#4288 overflow trouble in [string repeat]

obsolete: 8.5.6
closed-fixed
9
2009-02-04
2009-02-03
Don Porter
No

% info patch
8.5.6
% set a [string repeat a 0x80000000]; concat
% string length $a
0

Discussion

  • Don Porter

    Don Porter - 2009-02-03

    Related:

    % set a [string repeat a 0x7fffffff]; concat
    string size overflow, out of memory allocating -2147483648 bytes

    Here it's just the formatting of the
    error message that is the problem.

     
  • Don Porter

    Don Porter - 2009-02-03
    • priority: 5 --> 9
     
  • Don Porter

    Don Porter - 2009-02-03

    On another system with more memory:

    % set a [string repeat a 0x7fffffff]; concat
    Segmentation fault

     
  • Don Porter

    Don Porter - 2009-02-03

    Fix for 714106 is apparently incomplete.

     
  • Don Porter

    Don Porter - 2009-02-04

    the existing overflow protections are
    only effective for repeated substrings
    of length > 1.

     
  • Don Porter

    Don Porter - 2009-02-04

    Note that the original report here
    is *not a bug* but a bit of compatibility.
    The count values from 0x80000000 to 0xffffffff
    are taken as equivalent to the values
    -0x80000000 to -1 because the value is
    fetched with Tcl_GetIntFromObj().

    Then, given a negative count value,
    [string repeat] returns an empty string
    and no error.

    The later comments note the real bug,
    some uncaught overflows leading to
    crashes.

     
  • Don Porter

    Don Porter - 2009-02-04

    fix committed to HEAD.
    backports still needed.

     
  • Don Porter

    Don Porter - 2009-02-04

    Backported for 8.5.7. Not buggy in 8.4. branch.

     
  • Don Porter

    Don Porter - 2009-02-04
    • assigned_to: dkf --> dgp
    • status: open --> closed-fixed