From 0838c7ce8528a241fd6bb422767e187af4b5d9a7 Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp@cs.stanford.edu>
Date: Sat, 5 May 2012 22:07:34 -0700
Subject: [PATCH] lexer: Check that 'read' function in lex_source returns valid
 value.

A 'read' function may only read as many bytes as the size of the
buffer passed into it, but the caller didn't check, which made an
actual violation of this invariant hard to diagnose.
---
 src/language/lexer/lexer.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/language/lexer/lexer.c b/src/language/lexer/lexer.c
index e72a3e47bc..1caadac1de 100644
--- a/src/language/lexer/lexer.c
+++ b/src/language/lexer/lexer.c
@@ -1209,14 +1209,18 @@ lex_source_read__ (struct lex_source *src)
   do
     {
       size_t head_ofs;
+      size_t space;
       size_t n;
 
       lex_source_expand__ (src);
 
       head_ofs = src->head - src->tail;
+      space = src->allocated - head_ofs;
       n = src->reader->class->read (src->reader, &src->buffer[head_ofs],
-                                    src->allocated - head_ofs,
+                                    space,
                                     segmenter_get_prompt (&src->segmenter));
+      assert (n <= space);
+
       if (n == 0)
         {
           /* End of input.
-- 
2.30.2