From 71bddaf115efcab36f55f35557990173962f47e4 Mon Sep 17 00:00:00 2001
From: Kaz Kylheku
Date: Fri, 31 May 2019 19:00:36 -0700
Subject: bugfix: list length: off-by-one error huge lists.
* lib.c (length_list, length_proper_list): Fix off-by-one bug when calculating lengths of lists that overflow the cnum type. Note that we will never see regular lists which hit this situation, because there are more values in the range [0, INT_PTR_MAX] then there are possible pointers in the system, However, lazy lists can be that long or longer, because as we calculate the length of a lazy list, the part we have already traversed can be garbage-collected under the right circumstances.
---
 lib.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib.c b/lib.c
index 6ac23b46..e3e1909e 100644
--- a/lib.c
+++ b/lib.c
@@ -3127,6 +3127,7 @@ val length_list(val list)
 if (len < INT_PTR_MAX) return num(len);
+ list = cdr(list);
 bn_len = num(INT_PTR_MAX);
 while (consp(list)) {
@@ -3152,6 +3153,7 @@ static val length_proper_list(val list)
 if (len < INT_PTR_MAX) return num(len);
+ list = cdr(list);
 bn_len = num(INT_PTR_MAX);
 while (list) {
--
cgit v1.2.3
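Review bot: The added `list = cdr(list);` in length_list is the only visible step on the overflow path that advances the list without a `consp(list)` guard and without adding to the count, and nothing next to it says why that is correct. Whether it is right depends on how the counting loop before `if (len < INT_PTR_MAX)` leaves `list` when `len` reaches the cnum limit, and that loop starts outside the hunk. If the cell at `list` has already been counted at this point, say so where the next reader will look: `/* the cell at list is already included in len; step past it before continuing the count in bn_len */`. It is also worth confirming that `list` cannot be a non-cons tail here, since both surrounding loops test it before calling `cdr` and this line does not. The second hunk makes the same change in length_proper_list and needs the same comment.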