From bde2f35a9f2d894ec88ad693633e89279b0560b9 Mon Sep 17 00:00:00 2001
From: dearblue
Date: Fri, 12 Jul 2019 21:23:55 +0900
Subject: Fix heap buffer overflow; fix #4569
---
 src/string.c | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)
(limited to 'src/string.c')
diff --git a/src/string.c b/src/string.c
index 0700f81fa..056348921 100644
--- a/src/string.c
+++ b/src/string.c
@@ -324,22 +324,20 @@ str_index_str_by_char_search(mrb_state *mrb, const char *p, const char *pend, co
 }
 /* Searching */
- if (p < pend && pend - p >= slen) {
- for (;;) {
- const char *pivot;
+ while (p < pend && pend - p >= slen) {
+ const char *pivot;
 
- if (memcmp(p, s, slen) == 0) {
- return off;
- }
+ if (memcmp(p, s, slen) == 0) {
+ return off;
+ }
 
- pivot = p + qstable[(unsigned char)p[slen - 1]];
- if (pivot > pend || pivot < p /* overflowed */) { return -1; }
+ pivot = p + qstable[(unsigned char)p[slen - 1]];
+ if (pivot > pend || pivot < p /* overflowed */) { return -1; }
 
- do {
- p += utf8len(p, pend);
- off ++;
- } while (p < pivot);
- }
+ do {
+ p += utf8len(p, pend);
+ off ++;
+ } while (p < pivot);
 }
 return -1;
-- 
cgit v1.2.3
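Review bot: The `pivot < p /* overflowed */` test runs only after `pivot = p + qstable[(unsigned char)p[slen - 1]]` has already formed the pointer, and forming a pointer more than one past the end of the buffer is undefined behaviour in C, so an optimising compiler is allowed to assume the wrap never happens and drop that half of the check. Because the new `while` condition guarantees `pend - p >= slen` on every iteration, the skip distance can be bounded as an integer before it is added: `if (qstable[(unsigned char)p[slen - 1]] > pend - p) { return -1; }`, followed by the existing `pivot = p + qstable[...]` assignment. The declarations of `qstable` and `slen` lie outside this hunk, so the comparison may need a cast to match their types, and `p[slen - 1]` presumably relies on an earlier `slen > 0` guard that is not visible here. A short comment on the loop, for example `/* re-check the remaining length each round: p advances by whole UTF-8 characters, so fewer than slen bytes may be left */`, would record why the condition must be re-evaluated before each `memcmp`.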