fix write-beyond-end of an on-stack buffer while reading typed arrays

* libguile/unif.c (scm_i_read_array): Fix case in which we could write beyond the end of `tag'. See http://article.gmane.org/gmane.lisp.guile.devel/12685.
author: Andy Wingo <wingo@pobox.com> 2011-07-29 09:31:32 +0200
committer: Andy Wingo <wingo@pobox.com> 2011-07-29 09:31:32 +0200
commit: 99c6be814f06952e228b1610407faa9161a65cdf (patch)
tree: 45f8f61b6776a8ad5f5fb0389b529e407f52b313
parent: b720f244942320731e1ceb67f3648143a3316b32 (diff)
download: guile-99c6be814f06952e228b1610407faa9161a65cdf.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/libguile/unif.c b/libguile/unif.c
index daf085007..dd4e61711 100644
--- a/libguile/unif.c
+++ b/libguile/unif.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1995,1996,1997,1998,2000,2001,2002,2003,2004, 2005, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 1995,1996,1997,1998,2000,2001,2002,2003,2004, 2005, 2006, 2011 Free Software Foundation, Inc.
  * 
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -2722,7 +2722,7 @@ scm_i_read_array (SCM port, int c)
    */
   tag_len = 0;
  continue_reading_tag:
-  while (c != EOF && c != '(' && c != '@' && c != ':' && tag_len < 80)
+  while (c != EOF && c != '(' && c != '@' && c != ':' && tag_len < 79)
     {
       tag[tag_len++] = c;
       c = scm_getc (port);
author	Andy Wingo <wingo@pobox.com>	2011-07-29 09:31:32 +0200
committer	Andy Wingo <wingo@pobox.com>	2011-07-29 09:31:32 +0200
commit	99c6be814f06952e228b1610407faa9161a65cdf (patch)
tree	45f8f61b6776a8ad5f5fb0389b529e407f52b313
parent	b720f244942320731e1ceb67f3648143a3316b32 (diff)
download	guile-99c6be814f06952e228b1610407faa9161a65cdf.tar.gz