timidity.c: fix potential buffer overrun in RWgets stable-1.0
authorOzkan Sezer <sezero@users.sourceforge.net>
Wed, 24 May 2017 11:28:05 -0400
branchstable-1.0
changeset 598 0c4026dd3274
parent 597 b46d67284ff3
timidity.c: fix potential buffer overrun in RWgets

(num_read check was off-by-one.) also simplify the procedure a bit.
decoders/timidity/timidity.c
--- a/decoders/timidity/timidity.c	Wed Aug 15 21:35:08 2012 -0400
+++ b/decoders/timidity/timidity.c	Wed May 24 11:28:05 2017 -0400
@@ -54,28 +54,30 @@
 static char *RWgets(SDL_RWops *rw, char *s, int size)
 {
     int num_read = 0;
-    int newline = 0;
+    char *p = s;
 
-    while (num_read < size && !newline)
+    --size;/* so that we nul terminate properly */
+
+    for (; num_read < size; ++p)
     {
-	if (SDL_RWread(rw, &s[num_read], 1, 1) != 1)
+	if (SDL_RWread(rw, p, 1, 1) != 1)
 	    break;
 
+	num_read++;
+
 	/* Unlike fgets(), don't store newline. Under Windows/DOS we'll
 	 * probably get an extra blank line for every line that's being
 	 * read, but that should be ok.
 	 */
-	if (s[num_read] == '\n' || s[num_read] == '\r')
+	if (*p == '\n' || *p == '\r')
 	{
-	    s[num_read] = '\0';
-	    newline = 1;
+	    *p = '\0';
+	    return s;
 	}
-	
-	num_read++;
     }
 
-    s[num_read] = '\0';
-    
+    *p = '\0';
+
     return (num_read != 0) ? s : NULL;
 }