Fix a bug where we could return too much data from the byte source. Add test.

[fjl] / bytesource.c

diff --git a/bytesource.c b/bytesource.c
index 9e46d20ec0fdd8411326f097e38e774399075176..fed7551d50721c1e06ed2057c3a23e4dc83c069a 100644 (file)
--- a/bytesource.c
+++ b/bytesource.c
@@ -21,7 +21,7 @@ uint8_t byte_source_read_marker(struct byte_source* src)
 {
        // Refill until we have at least two bytes or EOF.
        while (src->bytes_available < 2) {
-               const unsigned bytes_to_read = BYTESOURCE_CHUNK_SIZE - src->bytes_available;
+               const unsigned bytes_to_read = 2 - src->bytes_available;
                const ssize_t bytes_read =
                        (*src->input_func)(src->userdata,
                                           src->bytes + src->bytes_available,
@@ -57,12 +57,13 @@ ssize_t byte_source_input_func(void* source, uint8_t* buf, size_t len)
        while (src->bytes_available == 0 ||
               (src->bytes_available == 1 && src->bytes[0] == MARKER_CHAR)) {
                const unsigned space_left = BYTESOURCE_CHUNK_SIZE - src->bytes_available;
-               const size_t bytes_to_read = (len > space_left ? space_left : len);
+               const unsigned missing_data = len - src->bytes_available;
+               const size_t bytes_to_read = (missing_data > space_left ? space_left : missing_data);
                assert(bytes_to_read <= BYTESOURCE_CHUNK_SIZE);
                const ssize_t bytes_read =
                        (*src->input_func)(src->userdata,
-                                             src->bytes + src->bytes_available,
-                                             bytes_to_read);
+                                          src->bytes + src->bytes_available,
+                                          bytes_to_read);
                assert(bytes_read >= -1);
                assert(bytes_read <= (ssize_t)bytes_to_read);