From a2a05e3b288ca6231cfb9a7a49bb147380412a48 Mon Sep 17 00:00:00 2001
From: Kaz Kylheku <kaz@kylheku.com>
Date: Fri, 15 Feb 2019 07:49:01 -0800
Subject: listener: fix buffer overflow reading external file.

When an external file is edited, and is longer than the
listener's buffer allows, the buffer overflows, trashing the
other fields in the linenoise structure, and memory beyond.

* parser.c (lino_gets): Decrement nchar in the loop.
Also, eliminate useless return case.
---
 parser.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/parser.c b/parser.c
index d0c4b7a9..0f5d5c99 100644
--- a/parser.c
+++ b/parser.c
@@ -1496,18 +1496,13 @@ static wchar_t *lino_gets(mem_t *stream_in, wchar_t *buf, size_t nchar)
   if (nchar == 0)
     return buf;
 
-  while (nchar > 1) {
+  while (nchar-- > 1) {
     val ch = get_char(stream);
     if (!ch)
       break;
     *ptr++ = c_num(ch);
   }
 
-  if (ptr == buf) {
-    *ptr++ = 0;
-    return 0;
-  }
-
   *ptr++ = 0;
   return buf;
 }
-- 
cgit v1.2.3