From: Ben Pfaff Date: Sat, 18 Feb 2012 19:01:11 +0000 (-0800) Subject: sys-file-reader: Avoid read past end of buffer. X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c83204c09df1d86c3a453d9f812695de1f7f559c;p=pspp sys-file-reader: Avoid read past end of buffer. The "unexpected label source in mrsets" test caused a read past the end of the input buffer in text_parse_counted_string(). This fixes the problem. Found by Valgrind. Reported-by: John Darrington --- diff --git a/src/data/sys-file-reader.c b/src/data/sys-file-reader.c index 7e8bcf0de3..07471e8831 100644 --- a/src/data/sys-file-reader.c +++ b/src/data/sys-file-reader.c @@ -2439,7 +2439,7 @@ text_parse_counted_string (struct sfm_reader *r, struct text_record *text) start = text->pos; n = 0; - for (;;) + while (text->pos < text->buffer.length) { int c = text->buffer.string[text->pos]; if (c < '0' || c > '9') @@ -2447,7 +2447,7 @@ text_parse_counted_string (struct sfm_reader *r, struct text_record *text) n = (n * 10) + (c - '0'); text->pos++; } - if (start == text->pos) + if (text->pos >= text->buffer.length || start == text->pos) { sys_warn (r, text->start, _("Expecting digit at offset %zu in MRSETS record."),
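Review bot: In the first hunk, the new `while (text->pos < text->buffer.length)` bound stops the out-of-bounds read, but the count that starts at `n = 0;` is still unbounded. The loop body runs `n = (n * 10) + (c - '0');` once per digit with no overflow check, so a long run of digits in a malformed MRSETS record can overflow or wrap `n`. The declaration of `n` is outside the visible lines; whatever its type, consider rejecting the record as soon as `n` exceeds the number of bytes remaining in `text->buffer`, so the parsed count can never be larger than the buffer it describes.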
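Review bot: In the second hunk, `text->pos >= text->buffer.length` is folded into the same branch as `start == text->pos`, so a record that ends immediately after a valid run of digits is reported as "Expecting digit at offset %zu in MRSETS record." even though digits were found. A separate warning for the truncated-record case would keep the diagnostic accurate. A one-line comment on the condition would also help, since the loop can now stop on the buffer bound as well as at the `if (c < '0' || c > '9')` test and the reason end-of-buffer is an error here is not obvious from the code alone.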