On 22/04/2014 3:17 a.m., Alex Rousskov wrote:
> On 04/20/2014 02:08 AM, Amos Jeffries wrote:
>
>> + while ((rv = *left - *right++) == 0) {
>> + if (*left++ == '\0' || --byteCount == 0)
>> + break;
>> + }
>
>> + // If we stopped scanning because we reached the end of buf()
>> + if (!byteCount && length() < n)
>> + return '\0' - *right;
>
>
> The comment does not quite match the condition because it ignores the
> second part of the condition. The whole condition is closer to something
> like "we reached the end of buf() before we reached the end of s". That
> "before" part (missing in the comment and difficult to guess) is what
> actually makes "right" dereferencing safe in this patch revision AFAICT.
>
> I do not see any bugs in the latest patch, and the above problem can be
> fixed during commit IMO. Please do not forget to add test cases (missing
> in the latest patch).
Done and applied.
Thank you for your time on this.
Amos
