lexer: Check that 'read' function in lex_source returns valid value.
author Ben Pfaff <blp@cs.stanford.edu>
Sun, 6 May 2012 05:07:34 +0000 (22:07 -0700)
committer Ben Pfaff <blp@cs.stanford.edu>
Sun, 6 May 2012 15:07:10 +0000 (08:07 -0700)
A 'read' function may only read as many bytes as the size of the
buffer passed into it, but the caller didn't check, which made an
actual violation of this invariant hard to diagnose.

src/language/lexer/lexer.c

index e72a3e47bc9637d93ad3c1f764b7099686df6d3d..1caadac1de9854433d499122686d1ffa052d9704 100644 (file)
@@ -1209,14 +1209,18 @@ lex_source_read__ (struct lex_source *src)
   do
     {
       size_t head_ofs;
+      size_t space;
       size_t n;
 
       lex_source_expand__ (src);
 
       head_ofs = src->head - src->tail;
+      space = src->allocated - head_ofs;
       n = src->reader->class->read (src->reader, &src->buffer[head_ofs],
-                                    src->allocated - head_ofs,
+                                    space,
                                     segmenter_get_prompt (&src->segmenter));
+      assert (n <= space);
+
       if (n == 0)
         {
           /* End of input.
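Review bot: The `assert (n <= space);` added after the `read` call only runs once the callback has already written into `&src->buffer[head_ofs]`, so it reports an overrun after the fact rather than preventing it, and it is compiled out entirely when the build defines NDEBUG. If the goal is just to diagnose a misbehaving reader, that is fine, but a short comment above the assert stating the contract (a reader must return at most the size it was given) would make the intent clear; if release builds should also catch this, consider an unconditional check that aborts with a message naming the reader. A second thing to confirm: when `space` is 0 a conforming reader has to return 0, which the following `if (n == 0)` treats as end of input, so it is worth an `assert (space > 0);` before the call if `lex_source_expand__` is meant to guarantee free room.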