sys-file-reader: Avoid read past end of buffer.

The "unexpected label source in mrsets" test caused a read past the
end of the input buffer in text_parse_counted_string().  This fixes
the problem.

Found by Valgrind.
Reported-by: John Darrington <john@darrington.wattle.id.au>

diff --git a/src/data/sys-file-reader.c b/src/data/sys-file-reader.c
index 7e8bcf0de38d316ea6d770976caff1f86ab76018..07471e8831990ae4d757b2e5a424e3182e5ef013 100644 (file)
--- a/src/data/sys-file-reader.c
+++ b/src/data/sys-file-reader.c
@@ -2439,7 +2439,7 @@ text_parse_counted_string (struct sfm_reader *r, struct text_record *text)
 
   start = text->pos;
   n = 0;
-  for (;;)
+  while (text->pos < text->buffer.length)
     {
       int c = text->buffer.string[text->pos];
       if (c < '0' || c > '9')
@@ -2447,7 +2447,7 @@ text_parse_counted_string (struct sfm_reader *r, struct text_record *text)
       n = (n * 10) + (c - '0');
       text->pos++;
     }
-  if (start == text->pos)
+  if (text->pos >= text->buffer.length || start == text->pos)
     {
       sys_warn (r, text->start,
                 _("Expecting digit at offset %zu in MRSETS record."),