From f81279ff583ef81bc88a46dd1d0140fb6e0ed222 Mon Sep 17 00:00:00 2001
From: Rich Felker <dalias@aerifal.cx>
Date: Sun, 4 Sep 2011 16:04:28 -0400
Subject: [PATCH] fmemopen fixes

disallow seek past end of buffer (per posix)
fix position accounting to include data buffered for read
don't set eof flag when no data was requested
---
 src/stdio/fmemopen.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/stdio/fmemopen.c b/src/stdio/fmemopen.c
index f518528f..ddb24331 100644
--- a/src/stdio/fmemopen.c
+++ b/src/stdio/fmemopen.c
@@ -16,7 +16,7 @@ fail:
 		return -1;
 	}
 	base = (size_t [3]){0, c->pos, c->len}[whence];
-	if (off < -base || off > SSIZE_MAX-base) goto fail;
+	if (off < -base || off > (ssize_t)c->size-base) goto fail;
 	return c->pos = base+off;
 }
 
@@ -24,6 +24,7 @@ static size_t mread(FILE *f, unsigned char *buf, size_t len)
 {
 	struct cookie *c = f->cookie;
 	size_t rem = c->size - c->pos;
+	if (!len) return 0;
 	if (len > rem) len = rem;
 	memcpy(buf, c->buf+c->pos, len);
 	c->pos += len;
@@ -32,6 +33,7 @@ static size_t mread(FILE *f, unsigned char *buf, size_t len)
 	f->rpos = f->buf;
 	f->rend = f->buf + rem;
 	memcpy(f->rpos, c->buf+c->pos, rem);
+	c->pos += rem;
 	if (!len) f->flags |= F_EOF;
 	return len;
 }
-- 
2.20.1