From e665ad5f93d3bd2f9a4537da80d50b2b2f8e4c5d Mon Sep 17 00:00:00 2001
From: Kaz Kylheku
Date: Tue, 22 Aug 2017 06:12:39 -0700
Subject: buffers: fix infinite loop in buf_grow.
* buf.c (buf_grow): When size is zero and len is nonzero, the loop doesn't terminate. Replace silly loop with straightforward calculation: grow buffer by 25%, capped at INT_PTR_MAX, or grow to the length, whichever is larger.
---
 buf.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/buf.c b/buf.c
index b97bef41..b22ff2b2 100644
--- a/buf.c
+++ b/buf.c
@@ -143,12 +143,14 @@ static void buf_grow(struct buf *b, val init_val, val self)
 cnum oldsize = c_num(b->size), size = oldsize;
 cnum iv = c_u8(default_arg(init_val, zero), self);
- while (size < len) {
- cnum delta = size / 4;
- if (INT_PTR_MAX - delta >= size)
- size += delta;
- else
- size = len;
+ if (size < len) {
+ if (size > INT_PTR_MAX - INT_PTR_MAX / 5) {
+ size = INT_PTR_MAX;
+ } else {
+ size = size + size / 4;
+ if (size < len)
+ size = len;
+ }
 }
 if (size > oldsize) {
-- 
cgit v1.2.3
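Review bot: The bound `INT_PTR_MAX - INT_PTR_MAX / 5` in the new inner `if` is hard to relate to the `size / 4` growth step without a comment, so the overflow argument is not checkable at a glance; something like `/* above 4/5 of INT_PTR_MAX, size + size / 4 could overflow: clamp */` would document it. In that clamped branch `size` becomes INT_PTR_MAX even when `len` is only slightly above the old size, so the code under `if (size > oldsize)` is asked for the maximum. That code lies outside the hunk, so it should be confirmed that it fails cleanly on such a request; alternatively the branch could use `size = len;`. The diffstat shows only buf.c changed, so a regression test for the size-zero, nonzero-length case that used to hang would be a useful addition.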