From 9a7f2d51807c182c7cb7e554c3be109ccd066ad8 Mon Sep 17 00:00:00 2001
From: Kaz Kylheku <kaz@kylheku.com>
Date: Tue, 4 May 2021 06:44:28 -0700
Subject: buf: bugfix: int-buf, uint-buf refer to alloc size.

* buf.c (int_buf, uint_buf): Refer to the buffer length b->len
rather than the underlying allocation size b->size.
Referring to b->size will not only produce the wrong value
when it is larger than len, but b->size can be null for a
borrowed buffer, producing a crash.

* tests/012/buf.tl: Tests.
---
 buf.c            | 4 ++--
 tests/012/buf.tl | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 tests/012/buf.tl

diff --git a/buf.c b/buf.c
index f4193a74..4305952e 100644
--- a/buf.c
+++ b/buf.c
@@ -1184,7 +1184,7 @@ static val int_buf(val buf)
 {
   val self = lit("int-buf");
   struct buf *b = buf_handle(buf, self);
-  ucnum size = c_unum(b->size, self);
+  ucnum size = c_unum(b->len, self);
   ucnum bits = size * 8;
   val ubn = make_bignum();
   mp_err mpe = mp_read_unsigned_bin(mp(ubn), b->data, size);
@@ -1197,7 +1197,7 @@ static val uint_buf(val buf)
 {
   val self = lit("uint-buf");
   struct buf *b = buf_handle(buf, self);
-  ucnum size = c_unum(b->size, self);
+  ucnum size = c_unum(b->len, self);
   val ubn = make_bignum();
   mp_err mpe = mp_read_unsigned_bin(mp(ubn), b->data, size);
   if (mpe != MP_OKAY)
diff --git a/tests/012/buf.tl b/tests/012/buf.tl
new file mode 100644
index 00000000..1c8040d6
--- /dev/null
+++ b/tests/012/buf.tl
@@ -0,0 +1,4 @@
+(load "../common")
+
+(vtest (uint-buf (make-buf 8 255 16)) (pred (expt 2 64)))
+(test (int-buf (make-buf 8 255 16)) -1)
-- 
cgit v1.2.3