(Not sure which category to pick for hash tables.)

The RANDOM_INDEX() macro in generic/tclHash.c multiplies an input, which is not necessarily unsigned, by 1103515245L. On platforms where sizeof(long) == 4, this often leads to signed integer overflow for signed inputs. UBSan (-fsanitize=signed-integer-overflow) complains on tclsh startup (somewhere during TclOO initialization):

tcl/generic/tclHash.c:442:10: runtime error: signed integer overflow: -1322139600 * 1103515245 cannot be represented in type 'long int'
tcl/generic/tclHash.c:1075:11: runtime error: signed integer overflow: -1341125938 * 1103515245 cannot be represented in type 'long int'
%

For systems with sizeof(long) == 8 but sizeof(int) == 4, a similar error can be reproduced by changing 1103515245L to 1103515245:

tcl/generic/tclHash.c:442:10: runtime error: signed integer overflow: 113680 * 1103515245 cannot be represented in type 'int'
tcl/generic/tclHash.c:1075:11: runtime error: signed integer overflow: 14286 * 1103515245 cannot be represented in type 'int'
%

Signed integer overflow can be avoided by instead using 1103515245UL (causing signed inputs to be sign-extended and then cast to unsigned long):

diff --git generic/tclHash.c generic/tclHash.c
index bcf6eee00..5de816829 100644
--- generic/tclHash.c
+++ generic/tclHash.c
@@ -35,7 +35,7 @@
  */
 
#define RANDOM_INDEX(tablePtr, i) \
-    ((((i)*1103515245L) >> (tablePtr)->downShift) & (tablePtr)->mask)
+    ((((i)*1103515245UL) >> (tablePtr)->downShift) & (tablePtr)->mask)
 
 /*
  * Prototypes for the array hash key methods.

Fixed [96d30a7f6b67115d|here]. Thanks for the report and patch!