This fragment did not work right:
temp = bb_get_chunk_from_file(fp, &len);
if (temp) {
/* len > 0 here, it's ok to do temp[len-1] */
char c = temp[len-1];
With "int len" _sign-extending_, temp[len-1] can refer to a wrong location
if len > 0x7fffffff.
Signed-off-by: Quentin Rameau <quinq@fifth.space>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
static char *get_next_line(char *gets_char, char *last_puts_char)
{
char *temp = NULL;
- int len;
+ size_t len;
char gc;
flush_append(last_puts_char);
* end of line. If end isn't NULL, length of the chunk is stored in it.
* Returns NULL if EOF/error.
*/
-extern char *bb_get_chunk_from_file(FILE *file, int *end) FAST_FUNC;
+extern char *bb_get_chunk_from_file(FILE *file, size_t *end) FAST_FUNC;
/* Reads up to (and including) TERMINATING_STRING: */
extern char *xmalloc_fgets_str(FILE *file, const char *terminating_string) FAST_FUNC RETURNS_MALLOC;
/* Same, with limited max size, and returns the length (excluding NUL): */
*/
#include "libbb.h"
-char* FAST_FUNC bb_get_chunk_from_file(FILE *file, int *end)
+char* FAST_FUNC bb_get_chunk_from_file(FILE *file, size_t *end)
{
int ch;
- unsigned idx = 0;
+ size_t idx = 0;
char *linebuf = NULL;
while ((ch = getc(file)) != EOF) {
/* grow the line buffer as necessary */
- if (!(idx & 0xff))
+ if (!(idx & 0xff)) {
+ if (idx == ((size_t)-1) - 0xff)
+ bb_error_msg_and_die(bb_msg_memory_exhausted);
linebuf = xrealloc(linebuf, idx + 0x100);
+ }
linebuf[idx++] = (char) ch;
if (ch == '\0')
break;
/* Get line. Remove trailing \n */
char* FAST_FUNC xmalloc_fgetline(FILE *file)
{
- int i;
+ size_t i;
char *c = bb_get_chunk_from_file(file, &i);
if (i && c[--i] == '\n')
projects / oweals / busybox.git / commitdiff