From a7b3a428501a855e3caee42474121fe8f387daf5 Mon Sep 17 00:00:00 2001
From: matz
Date: Sun, 21 Dec 2003 15:38:01 +0000
Subject: * ext/syck/emitter.c (syck_emitter_write): str bigger than e->bufsize causes buffer overflow. [ruby-dev:22307]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5239 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/syck/emitter.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'ext/syck/emitter.c')
diff --git a/ext/syck/emitter.c b/ext/syck/emitter.c
index 1cc0ea5075..4dcc8b3fc5 100644
--- a/ext/syck/emitter.c
+++ b/ext/syck/emitter.c
@@ -232,9 +232,18 @@ syck_emitter_write( SyckEmitter *e, char *str, long len )
 * Flush if at end of buffer
 */
 at = e->marker - e->buffer;
- if ( len + at > e->bufsize )
+ if ( len + at >= e->bufsize )
 {
 syck_emitter_flush( e, 0 );
+ for (;;) {
+ long rest = e->bufsize - (e->marker - e->buffer);
+ if (len <= rest) break;
+ S_MEMCPY( e->marker, str, char, rest );
+ e->marker += len;
+ str += rest;
+ len -= rest;
+ syck_emitter_flush( e, 0 );
+ }
 }
 /*
-- cgit v1.2.3
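Review bot: Inside the added `for (;;)` loop the marker is advanced by the wrong amount: `S_MEMCPY` copies `rest` bytes, but the next line does `e->marker += len;`, and `len` is greater than `rest` on that path. That leaves `e->marker` past `e->buffer + e->bufsize` when `syck_emitter_flush( e, 0 )` runs. If the flush emits everything between `e->buffer` and `e->marker`, as the surrounding code suggests, it would read beyond the allocation and write adjacent memory to the output. The line should be `e->marker += rest;`, matching the `str += rest;` and `len -= rest;` updates below it. The loop also relies on the flush returning the marker to the start of the buffer so that `rest` becomes positive again, which deserves a comment since the flush is not visible here. The body of `syck_emitter_write` starts and ends outside this hunk, so the final copy of the remaining `len` bytes could not be checked.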