ref: 12b2608b241743314f177e73d8d73b72580d2948
parent: bf453043db68342de85028c7a44cb75262e02ad9
author: Simon Tatham <anakin@pobox.com>
date: Mon Apr 24 05:56:35 EDT 2023
Fix bounds check in buffer_append.

We're about to append one character to the buffer _and_ put a \0 after it, so we need the buffer to be at least _two_ characters longer than where the current position is. I think this bug would have had a hard time showing up in normal use, but I managed to trigger it by completely messing up a prototype Emscripten preferences implementation, and a good thing too.
--- a/midend.c
+++ b/midend.c
@@ -3020,7 +3020,7 @@
static void buffer_append(struct buffer *buf, char c)
{
- if (buf->len + 1 > buf->size) {
+ if (buf->len + 2 > buf->size) {
size_t new_size = buf->size + buf->size / 4 + 128;
assert(new_size > buf->size);
buf->data = sresize(buf->data, new_size, char);
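Review bot: The constant in the new condition `buf->len + 2 > buf->size` is not explained in the code itself; the reason (one byte for `c` plus one for the trailing `\0`) appears only in the commit message. A short comment above the check, for example `/* need room for c and the terminating \0 */`, would stop a later reader from "simplifying" it back to `+ 1`. Separately, the context line `assert(new_size > buf->size);` is the only guard visible in this hunk against `new_size` wrapping around, so it is worth confirming that it stays active in builds that define NDEBUG, or replacing it with an explicit check.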