diff options
| author | Simon Tatham <anakin@pobox.com> | 2023-04-24 09:56:35 +0100 |
|---|---|---|
| committer | Simon Tatham <anakin@pobox.com> | 2023-04-24 10:04:20 +0100 |
| commit | 12b2608b241743314f177e73d8d73b72580d2948 (patch) | |
| tree | aac4249ced17386ff1a93e2c3f134598877e9a74 | |
| parent | bf453043db68342de85028c7a44cb75262e02ad9 (diff) | |
| download | puzzles-12b2608b241743314f177e73d8d73b72580d2948.zip puzzles-12b2608b241743314f177e73d8d73b72580d2948.tar.gz puzzles-12b2608b241743314f177e73d8d73b72580d2948.tar.bz2 puzzles-12b2608b241743314f177e73d8d73b72580d2948.tar.xz | |
Fix bounds check in buffer_append.
We're about to append one character to the buffer _and_ put a \0 after
it, so we need the buffer to be at least _two_ characters longer than
where the current position is.
I think this bug would have had a hard time showing up in normal use,
but I managed to trigger it by completely messing up a prototype
Emscripten preferences implementation, and a good thing too.
| -rw-r--r-- | midend.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -3020,7 +3020,7 @@ struct buffer { static void buffer_append(struct buffer *buf, char c) { - if (buf->len + 1 > buf->size) { + if (buf->len + 2 > buf->size) { size_t new_size = buf->size + buf->size / 4 + 128; assert(new_size > buf->size); buf->data = sresize(buf->data, new_size, char); |