fix some length calculations in memory streams

diff --git a/src/stdio/open_memstream.c b/src/stdio/open_memstream.c
index dedc3d51b6c8e495652440d25cb7b2e44365a670..2f3569f1d177211962558b8810837e0229ff7eea 100644 (file)
--- a/src/stdio/open_memstream.c
+++ b/src/stdio/open_memstream.c
@@ -41,7 +41,7 @@ static size_t ms_write(FILE *f, const unsigned char *buf, size_t len)
                f->wpos = f->wbase;
                if (ms_write(f, f->wbase, len2) < len2) return 0;
        }
-       if (len > c->space - c->pos) {
+       if (len >= c->space - c->pos) {
                len2 = 2*c->space+1 | c->space+len+1;
                newbuf = realloc(c->buf, len2);
                if (!newbuf) return 0;

diff --git a/src/stdio/open_wmemstream.c b/src/stdio/open_wmemstream.c
index 5402ca1a030acb57cd61c8fbee8a55a1115b9fda..3bc0f25412f373c899380c037c80c87a289a1b2d 100644 (file)
--- a/src/stdio/open_wmemstream.c
+++ b/src/stdio/open_wmemstream.c
@@ -39,13 +39,13 @@ static size_t wms_write(FILE *f, const unsigned char *buf, size_t len)
        struct cookie *c = f->cookie;
        size_t len2;
        wchar_t *newbuf;
-       if (len > c->space - c->pos) {
+       if (len >= c->space - c->pos) {
                len2 = 2*c->space+1 | c->space+len+1;
                if (len2 > SSIZE_MAX/4) return 0;
                newbuf = realloc(c->buf, len2*4);
                if (!newbuf) return 0;
                *c->bufp = c->buf = newbuf;
-               memset(c->buf + c->space, 0, len2 - c->space);
+               memset(c->buf + c->space, 0, 4*(len2 - c->space));
                c->space = len2;
        }