Closed lukq closed 1 year ago
You may be thinking that the last character `c` in some large string will end up in the first of the two extra bytes allocated at the end of the buffer. This is never the case.
Ok. Then please, can you explain how it is not the case that the character is written into the first of the two extra bytes? `bp` points to the first of the two extra bytes. `*bp++ = c;` would write to the position pointed to by `bp`, which is the first of the two bytes.
https://github.com/onetrueawk/awk/blob/5e49ea4d1f71d9134734011f2151cae4dbec5e5f/lex.c#L456 At line 456 of lex.c: `*bp++ = ' '; *bp++ = '\0';` I think the code possibly writes one byte past the buffer end.
How I arrived at this conclusion: the buffer adjustment code is:

```c
if (!adjbuf(&buf, &bufsz, bp-buf+2, 500, &bp, "string"))
	FATAL("out of space for string %.10s...", buf);
```
The length `bp-buf+2` should guarantee two chars beyond the current buffer length. If for example the rest of the string is `c"` (i.e. one character and the delimiter), then the code copies one character: `*bp++ = c;`
then ends the for loop and finishes the string with a null character: `*bp = 0;`
but even later it overwrites the null character with a space and writes one extra null character: `*bp++ = ' '; *bp++ = '\0';`
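To make the offset arithmetic in the report concrete, here is a model I added (it is not code from the issue or from onetrueawk) that replays the write sequence of `string()` for a literal of `n` plain characters: a copy of the grow-and-round-up rule of `adjbuf()` as I read it from the project's lib.c, the per-character `*bp++ = c;` guarded by `adjbuf(..., bp-buf+2, ...)`, then `*bp = 0; *bp++ = ' '; *bp++ = '\0';`. Instead of writing out of bounds it logs the highest offset that would have been touched, so an overflow shows up as a number rather than as heap corruption. The `extra` parameter is my addition: 2 reproduces the quoted code, 3 is one hypothetical hardening (requesting one more byte of slack), not necessarily what upstream did.

```c
#include <stdio.h>
#include <stdlib.h>

#define QUANTUM 500   /* growth step passed to adjbuf() by string() in lex.c */

/* Model of adjbuf(): make *pbuf at least minlen bytes, rounding up to a
 * multiple of quantum, and relocate *pbptr into the new block.  Mirrors the
 * behaviour I read in onetrueawk's lib.c; the code here is my own. */
static int adjbuf(char **pbuf, int *psiz, int minlen, int quantum, char **pbptr)
{
	if (minlen > *psiz) {
		int rminlen = minlen % quantum;
		int boff = (int)(*pbptr - *pbuf);
		char *tbuf;

		if (rminlen)
			minlen += quantum - rminlen;   /* round up to next multiple */
		tbuf = realloc(*pbuf, (size_t)minlen);
		if (tbuf == NULL)
			return 0;
		*pbuf = tbuf;
		*psiz = minlen;
		*pbptr = tbuf + boff;
	}
	return 1;
}

/* Outcome of one replay: the final allocation size and the highest offset
 * (in bytes from buf) that string() would have written. */
struct trace {
	int bufsz;
	int max_off;
};

/* Record a store of c through p.  The offset is always logged; the byte is
 * only written when it is in bounds, so the model never corrupts the heap. */
static void store(char *buf, int bufsz, char *p, char c, int *max_off)
{
	int off = (int)(p - buf);

	if (off > *max_off)
		*max_off = off;
	if (off < bufsz)
		*p = c;
}

/* Replay string() for a literal of n plain (non-escape) characters followed
 * by the closing quote.  extra is the slack requested from adjbuf on each
 * iteration: 2 is the code quoted in the issue, 3 is a hypothetical fix. */
static struct trace replay_string(int n, int extra)
{
	struct trace t = { QUANTUM, -1 };
	char *buf = malloc(QUANTUM);
	char *bp = buf;
	int i;

	if (buf == NULL) {
		perror("malloc");
		exit(1);
	}
	for (i = 0; i < n; i++) {
		if (!adjbuf(&buf, &t.bufsz, (int)(bp - buf) + extra, QUANTUM, &bp)) {
			perror("realloc");
			exit(1);
		}
		store(buf, t.bufsz, bp, 'a', &t.max_off);   /* *bp++ = c;    */
		bp++;
	}
	store(buf, t.bufsz, bp, '\0', &t.max_off);       /* *bp = 0;      */
	store(buf, t.bufsz, bp, ' ', &t.max_off);        /* *bp++ = ' ';  */
	bp++;
	store(buf, t.bufsz, bp, '\0', &t.max_off);       /* *bp++ = '\0'; */
	free(buf);
	return t;
}

/* Bytes written past the end of the allocation (0 when everything fit). */
static int overflow_bytes(struct trace t)
{
	int past = t.max_off - (t.bufsz - 1);

	return past > 0 ? past : 0;
}

int main(void)
{
	static const int lens[] = { 0, 1, 498, 499, 500, 999, 1000 };
	size_t i;

	printf("%6s %6s %8s %8s\n", "len", "bufsz", "maxoff", "past_end");
	for (i = 0; i < sizeof lens / sizeof lens[0]; i++) {
		struct trace t = replay_string(lens[i], 2);
		printf("%6d %6d %8d %8d\n", lens[i], t.bufsz, t.max_off,
		       overflow_bytes(t));
	}
	return 0;
}
```

Running the table shows the pattern the report describes: with `extra == 2` a literal whose length is one less than a multiple of 500 (499, 999, ...) leaves `bp` at `bufsz - 1` after the loop, so the final `*bp++ = '\0'` lands at offset `bufsz`, one byte past the allocation, while every other length fits. Asking `adjbuf` for three bytes of slack instead makes the same lengths fit, which is why the model takes `extra` as a parameter.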