From 59863eeb3e6d00c782063866d899a35f83b07ea5 Mon Sep 17 00:00:00 2001 From: Kaz Kylheku <kaz@kylheku.com> Date: Fri, 31 May 2019 19:00:36 -0700 Subject: bugfix: list length: off-by-one error huge lists. * lib.c (length_list, length_proper_list): Fix off-by-one bug when calculating lengths of lists that overflow the cnum type. Note that we will never see regular lists which hit this situation, because there are more values in the range [0, INT_PTR_MAX] then there are possible pointers in the system, However, lazy lists can be that long or longer, because as we calculate the length of a lazy list, the part we have already traversed can be garbage-collected under the right circumstances. --- lib.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib.c') diff --git a/lib.c b/lib.c index 6ac23b46..e3e1909e 100644 --- a/lib.c +++ b/lib.c @@ -3127,6 +3127,7 @@ val length_list(val list) if (len < INT_PTR_MAX) return num(len); + list = cdr(list); bn_len = num(INT_PTR_MAX); while (consp(list)) { @@ -3152,6 +3153,7 @@ static val length_proper_list(val list) if (len < INT_PTR_MAX) return num(len); + list = cdr(list); bn_len = num(INT_PTR_MAX); while (list) { -- cgit v1.2.3
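Review bot: The added `list = cdr(list);` in length_list drops one cell without adding to `bn_len`, so the result is only right if the counting loop above the hunk exits with `list` still on a cell it has already counted; that loop is outside the hunk, so this cannot be confirmed from here. If the loop has instead already stepped past the last counted cell, lists longer than INT_PTR_MAX would now be reported one short, and `cdr` could be applied to the terminating atom that the following `while (consp(list))` is written to tolerate. The new line should carry the invariant it relies on, for example `/* len == INT_PTR_MAX: list is still the last cell counted above; step past it */`. The same unguarded step is added in length_proper_list in the second hunk, and both function bodies begin and end outside their hunks.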