From 55fd504836ce37e25e2ccc208463e6f1877d6f7f Mon Sep 17 00:00:00 2001 From: Kenichi Handa Date: Mon, 22 Jun 1998 00:24:57 +0000 Subject: [PATCH] (read_process_output): While processing carryover, check the size of p->decoding_buf. --- src/process.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/src/process.c b/src/process.c index 814fbc4a74..d76cebe5e1 100644 --- a/src/process.c +++ b/src/process.c @@ -2855,13 +2855,19 @@ read_process_output (proc, channel) carryover = nbytes - coding->consumed; if (carryover > 0) { - /* We must move the data carried over to the tail of - decoding buffer. We are sure that the size of decoding - buffer (decided by decoding_buffer_size) is large enough - to contain them. */ - bcopy (chars + nbytes - carryover, - (XSTRING (p->decoding_buf)->data - + STRING_BYTES (XSTRING (p->decoding_buf)) - carryover), + /* Copy the carryover bytes to the end of p->decoding_buf, to + be processed on the next read. Since decoding_buffer_size + asks for an extra amount of space beyond the maximum + expected for the output, there should always be sufficient + space for the carryover (which is by definition a sequence + of bytes that was not long enough to be decoded, and thus + has a bounded length). */ + if (STRING_BYTES (XSTRING (p->decoding_buf)) + < coding->produced + carryover) + abort (); + bcopy (chars + coding->consumed, + XSTRING (p->decoding_buf)->data + + STRING_BYTES (XSTRING (p->decoding_buf)) - carryover, carryover); XSETINT (p->decoding_carryover, carryover); } -- 2.20.1