From 566afe8ef5b40670e1305456eb74f7cdd41e7cf4 Mon Sep 17 00:00:00 2001 From: Kevin Day Date: Mon, 19 Mar 2012 22:10:50 -0500 Subject: [PATCH] Bugfix: add buffer overflow checks When I added the input parameter to the write functions I forgot to do buffer size checks now that the input size could be different than the buffer size. --- level_1/fl_fss/c/fss_basic.c | 14 +++++++------- level_1/fl_fss/c/fss_extended.c | 12 ++++++------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/level_1/fl_fss/c/fss_basic.c b/level_1/fl_fss/c/fss_basic.c index 1db7f0e..d4c8610 100644 --- a/level_1/fl_fss/c/fss_basic.c +++ b/level_1/fl_fss/c/fss_basic.c @@ -300,7 +300,7 @@ extern "C"{ if (buffer.string[input->start] == f_fss_delimit_slash) { f_string_length delimit_slash_count = 0; - while (input->start <= input->stop) { + while (input->start <= input->stop && input->start < buffer.used) { if (buffer.string[input->start] == f_fss_delimit_placeholder) { input->start++; continue; @@ -348,7 +348,7 @@ extern "C"{ input->start++; } - while (input->start <= input->stop) { + while (input->start <= input->stop && input->start < buffer.used) { if (buffer.string[input->start] == f_fss_delimit_placeholder) { input->start++; continue; @@ -357,11 +357,11 @@ extern "C"{ input->start++; - while (input->start <= input->stop && isspace(buffer.string[input->start])) { + while (input->start <= input->stop && input->start < buffer.used && isspace(buffer.string[input->start])) { input->start++; } // while - if (input->start > input->stop) { + if (input->start > input->stop || input->start >= buffer.used) { object->string[first_space] = f_fss_basic_open; object->used = object_position.stop + 1; break; 
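Review bot: The context line `if (buffer.string[input->start] == f_fss_delimit_slash) {` at the top of the @@ -300 hunk in fss_basic.c dereferences `buffer.string[input->start]` before the newly bounded loop is reached, and nothing visible here establishes `input->start < buffer.used` at that point. The enclosing function starts outside the hunk, so an earlier check may exist; if it does not, validate the range once on entry and return an error status when `input->start >= buffer.used` or `input->stop >= buffer.used`, instead of repeating `&& input->start < buffer.used` in each loop. As written, an out-of-range `input->stop` is silently truncated, so the caller never learns that its range was invalid. The same applies to the @@ -348 and @@ -478 hunks here and to @@ -432 and @@ -480 in fss_extended.c.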
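Review bot: In the @@ -357 hunk the rewritten loop passes `buffer.string[input->start]` straight to `isspace()`; if the element type is plain `char` and that is signed on the target (the type is not visible in this patch), any byte above 0x7F becomes a negative argument and the call is undefined behaviour. Since the line is being edited anyway, cast at the call site: `isspace((unsigned char) buffer.string[input->start])`. The order of the new conditions, with the index test before the dereference, is correct and should be kept. The identical line in fss_extended.c at @@ -489 needs the same cast.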
@@ -374,7 +374,7 @@ extern "C"{ object->string[object_position.stop] = f_fss_delimit_double_quote; object_position.stop++; - while (input->start <= input->stop) { + while (input->start <= input->stop && input->start < buffer.used) { if (buffer.string[input->start] == f_fss_delimit_placeholder) { input->start++; continue; @@ -400,7 +400,7 @@ extern "C"{ fl_macro_fss_skip_past_delimit_placeholders(buffer, (*input)); - if (input->start > input->stop) { + if (input->start > input->stop || input->start >= buffer.used) { break; } @@ -478,7 +478,7 @@ extern "C"{ if (f_macro_test_for_allocation_errors(status)) return status; } - while (input->start <= input->stop) { + while (input->start <= input->stop && input->start < buffer.used) { if (buffer.string[input->start] != f_eol && buffer.string[input->start] != f_fss_delimit_placeholder) { content->string[content_position.stop] = buffer.string[input->start]; content_position.stop++; diff --git a/level_1/fl_fss/c/fss_extended.c b/level_1/fl_fss/c/fss_extended.c index 75b2202..903bc29 100644 --- a/level_1/fl_fss/c/fss_extended.c +++ b/level_1/fl_fss/c/fss_extended.c @@ -432,7 +432,7 @@ extern "C"{ if (buffer.string[input->start] == f_fss_delimit_slash) { f_string_length delimit_slash_count = 0; - while (input->start <= input->stop) { + while (input->start <= input->stop && input->start < buffer.used) { if (buffer.string[input->start] == f_fss_delimit_placeholder) { input->start++; continue; @@ -480,7 +480,7 @@ extern "C"{ input->start++; } - while (input->start <= input->stop) { + while (input->start <= input->stop && input->start < buffer.used) { if (buffer.string[input->start] == f_fss_delimit_placeholder) { input->start++; continue; 
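Review bot: The stores in the @@ -374 hunk, `object->string[object_position.stop] = f_fss_delimit_double_quote;` followed by `object_position.stop++;`, still have no limit visible in the hunk; the patch bounds only the reads from `buffer`. Whether `object` is sized for the worst case is decided outside this hunk, so it should be confirmed against the allocation. Either compare `object_position.stop` with the allocated length of `object` before each store, or add a comment at the allocation stating the sizing invariant these writes rely on. The same question applies to `content->string[content_position.stop] = buffer.string[input->start];` in the @@ -478 hunk and to the @@ -506 hunk in fss_extended.c.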
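Review bot: In the @@ -400 hunk `fl_macro_fss_skip_past_delimit_placeholders(buffer, (*input));` runs before the new `input->start >= buffer.used` test, so if the macro advances `input->start` using only `input->stop` as its limit, it can still read past `buffer.used` before this check is reached. The macro body is not part of this patch, so that needs confirming. If the macro lacks the bound, add it in the macro definition so every caller is covered, rather than testing only after the call. The same call-then-check sequence appears in fss_extended.c at @@ -532.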
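Review bot: The fss_extended.c hunks starting at @@ -432 repeat the fss_basic.c hunks line for line; in the lines shown, the only difference is `f_fss_extended_open` in place of `f_fss_basic_open`. A bounds fix therefore has to be applied twice by hand, and a later fix that misses one copy would leave an overflow in the other. Consider moving the shared scanning loops into one static helper that takes the open character as a parameter, so the `buffer.used` check lives in a single place.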
@@ -489,11 +489,11 @@ extern "C"{ input->start++; - while (input->start <= input->stop && isspace(buffer.string[input->start])) { + while (input->start <= input->stop && input->start < buffer.used && isspace(buffer.string[input->start])) { input->start++; } // while - if (input->start > input->stop) { + if (input->start > input->stop || input->start >= buffer.used) { object->string[first_space] = f_fss_extended_open; object->used = object_position.stop + 1; break; @@ -506,7 +506,7 @@ extern "C"{ object->string[object_position.stop] = f_fss_delimit_double_quote; object_position.stop++; - while (input->start <= input->stop) { + while (input->start <= input->stop && input->start < buffer.used) { if (buffer.string[input->start] == f_fss_delimit_placeholder) { input->start++; continue; @@ -532,7 +532,7 @@ extern "C"{ fl_macro_fss_skip_past_delimit_placeholders(buffer, (*input)); - if (input->start > input->stop) { + if (input->start > input->stop || input->start >= buffer.used) { break; } -- 1.8.3.1