On 04/20/2014 02:08 AM, Amos Jeffries wrote:

> +        while ((rv = *left - *right++) == 0) {
> +            if (*left++ == '\0' || --byteCount == 0)
> +                break;
> +        }
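
Review bot: in the `while` loop, `--byteCount == 0` stops the scan only if byteCount is at least 1 on entry. The quoted lines show no guard, so if a zero count can reach this loop the decrement steps past zero and the scan is then bounded only by the `'\0'` test on left. Please confirm that a zero count returns before this point, or test byteCount before the first dereference. Separately, if left and right are plain char pointers, the sign of `rv = *left - *right++` for bytes above 0x7F depends on whether char is signed on the platform; casting both operands to unsigned char would give the same ordering as memcmp() and strcmp().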

> +    // If we stopped scanning because we reached the end of buf()
> +    if (!byteCount && length() < n)
> +        return '\0' - *right;
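
Review bot: the comment above `if (!byteCount && length() < n)` describes only the `!byteCount` half of the condition, while the `*right` read in the return statement depends on the `length() < n` half. Please reword the comment to state both, for example "we reached the end of buf() before we reached the end of s", and note that right was already advanced past the last compared byte by `*right++` in the loop, so the byte read here is the first one of s that has no counterpart in buf(). A test case where buf() is a strict prefix of s and n is larger than length() would pin this branch down; the plain char subtraction in `'\0' - *right` also has a platform-dependent sign for bytes above 0x7F.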


The comment does not quite match the condition because it ignores the
second part of the condition. The whole condition is closer to something
like "we reached the end of buf() before we reached the end of s". That
"before" part (missing in the comment and difficult to guess) is what
actually makes "right" dereferencing safe in this patch revision AFAICT.

I do not see any bugs in the latest patch, and the above problem can be
fixed during commit IMO. Please do not forget to add test cases (missing
in the latest patch).


Thank you,

Alex.
