[Activetcl-Dev] beware Tcl_UtfAtIndex usage
by Jeff Hobbs other posts by this author
Nov 24 2006 9:24AM messages near this date
view in the new Beta List Site
[Activetcl-Dev] new ActiveTcl releases coming soon
|
[Activetcl-Dev] ActiveTcl 8.4.14 / 8.5 beta-next
I just went through a correct solution for:
https://sourceforge.net/support/tracker.php?aid=1599877
and found that we weren't doing bounds checking with menu underlines. It is
important to note that Tcl_UtfAtIndex does *not* do any bounds checking. It
will gleefully run off the end of the valid string range. Callers should make
sure to do correct bounding on the index that they pass in.
A quick grep reveals that its used in several places in Tk (and like the above
bug, probably needed in several places more). I see already that tkUnixMenu.c
has the same unbounded index bug.
This is just a reminder to watch how you make use of that API
(Tcl_UniCharAtIndex is the same, as are a few other Tcl_Utf* helper routines
that expect you to know your bounds).
Jeff Hobbs, The Tcl Guy, http://www.ActiveState.com/
|
