From 951c9b66f40592d26fc9cd9f97b05af3a7cb711e Mon Sep 17 00:00:00 2001
From: Ben10do
Date: Thu, 26 Jan 2017 22:01:03 +0000
Subject: [PATCH] Don't segfault on null bytes in REPTs and MACROs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously, the copyrept() and copymacro() functions would halt their first loop (in which they determine the length of the block) prematurely, causing an underflow when setting len, eventually causing memory issues.
Whilst this doesn’t solve the len underflow entirely (e.g. if the file ends immediately without an ENDR/ENDM), it should help with this exact scenario of null bytes (as #50).
---
 src/asm/asmy.y | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/asm/asmy.y b/src/asm/asmy.y
index 29dd9f01..ae927ff3 100644
--- a/src/asm/asmy.y
+++ b/src/asm/asmy.y
@@ -142,8 +142,9 @@ void copyrept( void )
 {
 	SLONG level=1, len, instring=0;
 	char *src=pCurrentBuffer->pBuffer;
+	char *bufferEnd = pCurrentBuffer->pBufferStart + pCurrentBuffer->nBufferSize;

-	while( *src && level )
+	while( src < bufferEnd && level )
 	{
 		if( instring==0 )
 		{
@@ -217,8 +218,9 @@ void copymacro( void )
 {
 	SLONG level=1, len, instring=0;
 	char *src=pCurrentBuffer->pBuffer;
+	char *bufferEnd = pCurrentBuffer->pBufferStart + pCurrentBuffer->nBufferSize;

-	while( *src && level )
+	while( src < bufferEnd && level )
 	{
 		if( instring==0 )
 		{
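Review bot: The new `src < bufferEnd && level` condition in copyrept() (and identically in copymacro()) lets the loop run off the end of the buffer with `level` still nonzero, yet nothing in the hunk checks for that case, so the `len` computation that follows the loop — outside this hunk, and which the commit message itself says still underflows on an unterminated block — remains reachable with a bogus value. A post-loop guard such as `if (level != 0) { /* unterminated REPT/MACRO: report a fatal error instead of computing len */ }` through the assembler's existing error path would close the underflow the message describes, rather than only the NUL-byte trigger. Note also that the bound only protects the `*src` read in the loop condition; if the loop body (not visible here) compares ahead against the `ENDR`/`ENDM` keywords or reads `src[1]`, that lookahead presumably still needs its own `bufferEnd - src` check. Since the same two lines are now duplicated verbatim in both functions, a shared static helper for the bounded scan would keep the two fixes from drifting apart. Both function bodies continue past the end of their hunks.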