- /* Remember jump destinations to detect loops and abort */
- size_t seen[512/8/sizeof(size_t)] = { 0 };
- unsigned char *sz = s + outlen;
- if (pz-b > 512) return -1;
- for (;;) {
- if (p>=pz) return -1;
- else if (*p&0xc0) {
- int j = (p[0]&1) | p[1];
- if (BITOP(seen, j, &)) return -1;
- BITOP(seen, j, |=);
- p = b + j;
+ const unsigned char *p = src;
+ char *dend, *dbegin = dest;
+ int len = -1, i, j;
+ if (p==end || space <= 0) return -1;
+ dend = dest + (space > 254 ? 254 : space);
+ /* detect reference loop using an iteration counter */
+ for (i=0; i < end-base; i+=2) {
+ /* loop invariants: p<end, dest<dend */
+ if (*p & 0xc0) {
+ if (p+1==end) return -1;
+ j = ((p[0] & 0x3f) << 8) | p[1];
+ if (len < 0) len = p+2-src;
+ if (j >= end-base) return -1;
+ p = base+j;