From 2df8660f8b705efad548340f699751412b15b7dc Mon Sep 17 00:00:00 2001
From: Calvin Rose
Date: Sun, 12 Jan 2020 11:31:41 -0600
Subject: [PATCH] Avoid buffer overrun

On very long binding names > 256 characters, a buffer overrun would be trigger in janet_cfuns. Not a huge issue, since this is not really code that would ever be user facing, but we can fix this.
---
 README.md | 2 +-
 src/core/util.c | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 426fb355..3e98903f 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ janet could be embedded into other programs. Try janet in your browser at
 ## Use Cases
-Janet makes a good system scripting language, or a language to embed in other programs. Think Lua or Guile.
+Janet makes a good system scripting language, or a language to embed in other programs, like Lua or Guile.
 ## Features
diff --git a/src/core/util.c b/src/core/util.c
index c9054523..03a46f88 100644
--- a/src/core/util.c
+++ b/src/core/util.c
@@ -282,8 +282,16 @@ void janet_cfuns(JanetTable *env, const char *regprefix, const JanetReg *cfuns)
 if (NULL != regprefix) {
 int32_t nmlen = 0;
 while (cfuns->name[nmlen]) nmlen++;
+ int32_t totallen = (int32_t) prefixlen + nmlen;
+ if ((size_t) totallen > bufsize) {
+ bufsize = (size_t) (totallen) + 128;
+ longname_buffer = realloc(longname_buffer, bufsize);
+ if (NULL == longname_buffer) {
+ JANET_OUT_OF_MEMORY;
+ }
+ }
 memcpy(longname_buffer + prefixlen, cfuns->name, nmlen);
- name = janet_wrap_symbol(janet_symbol(longname_buffer, (int32_t) prefixlen + nmlen));
+ name = janet_wrap_symbol(janet_symbol(longname_buffer, totallen));
 } else {
 name = janet_csymbolv(cfuns->name);
 }
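Review bot: The new bounds check in `janet_cfuns` is computed in signed 32-bit arithmetic: `int32_t totallen = (int32_t) prefixlen + nmlen;` narrows `prefixlen` and can overflow before the `(size_t) totallen > bufsize` comparison runs, which is undefined behaviour in the very expression that guards the `memcpy`. Reaching that needs lengths near 2 GiB, so this is hardening rather than a practical overrun, but the check is easier to trust in the unsigned type: `size_t totallen = prefixlen + (size_t) nmlen;`, compare `totallen > bufsize` directly, and narrow only at the call, `janet_symbol(longname_buffer, (int32_t) totallen)`, after confirming it does not exceed `INT32_MAX`. Assigning the result of `realloc` straight back to `longname_buffer` is safe only if `JANET_OUT_OF_MEMORY` never returns, which the hunk does not show; a short comment such as `/* JANET_OUT_OF_MEMORY does not return, so the old pointer is not leaked */` would record that assumption. The declarations of `longname_buffer`, `bufsize` and `prefixlen`, and the rest of the function body, are outside the hunk.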
@@ -316,7 +324,7 @@ typedef struct {
 void janet_register_abstract_type(const JanetAbstractType *at) {
 JanetAbstractTypeWrap *abstract = (JanetAbstractTypeWrap *)
- janet_abstract(&type_wrap, sizeof(JanetAbstractTypeWrap));
+ janet_abstract(&type_wrap, sizeof(JanetAbstractTypeWrap));
 abstract->at = at;
 Janet sym = janet_csymbolv(at->name);
 if (!(janet_checktype(janet_table_get(janet_vm_registry, sym), JANET_NIL))) {