One-off error:
Old buffer length was 6 for one character (3 * 1 + 3)
We need one more byte per character in the buffer for
the hex representation of it.
+0 '"'
+1 '\\'
+2 'x'
+3 'f'
+4 'c'
+5 '"'
+6 0x0 << overflow
Tcl combined with RCHECK will abort because memory blocks
are allocated contiguously and we overwrite the magic marker
of the next block.
/* leave room for worst case expansion plus quotes plus null */
pArgv = argv[1];
- stringLength = (3 * strlen(pArgv)) + 3;
+ stringLength = (4 * strlen(pArgv)) + 3;
string = Tcl_Alloc(stringLength);
memset(string, 0, stringLength);
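Review bot: The comment at the top of this hunk still says only "worst case expansion", so the new factor in `(4 * strlen(pArgv)) + 3` reads as a magic number. Please spell out in that comment that each input byte can expand to a four-byte `\xNN` escape and that the `+ 3` covers the two quotes and the terminating null, so the size stays tied to what the encoder writes. With that sizing, the single-character case from the commit message needs 7 bytes (offsets +0 to +6), which the new expression provides. The declaration of `stringLength` is not visible in this hunk; if it is a signed `int`, consider a length check on `pArgv` before the multiplication so the value passed to `Tcl_Alloc` cannot wrap.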