From d390fa07f5548f3173dd9cc13b233db5ce934c82 Mon Sep 17 00:00:00 2001
From: Colin Leroy <colin@colino.net>
Date: Wed, 4 Nov 2015 22:40:32 +0100
Subject: [PATCH] Make sure we don't run out of the output buffer. Maybe fixes
 bug #3557

---
 src/codeconv.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/codeconv.c b/src/codeconv.c
index 42ac01c21..39e259fc6 100644
--- a/src/codeconv.c
+++ b/src/codeconv.c
@@ -155,10 +155,10 @@ void codeconv_set_strict(gboolean mode)
 static gint conv_jistoeuc(gchar *outbuf, gint outlen, const gchar *inbuf)
 {
 	const guchar *in = inbuf;
-	guchar *out = outbuf;
+	gchar *out = outbuf;
 	JISState state = JIS_ASCII;
 
-	while (*in != '\0') {
+	while (*in != '\0' && (out - outbuf) > outlen - 3) {
 		if (*in == ESC) {
 			in++;
 			if (*in == '$') {
@@ -291,10 +291,10 @@ static gint conv_jis_hantozen(guchar *outbuf, guchar jis_code, guchar sound_sym)
 static gint conv_euctojis(gchar *outbuf, gint outlen, const gchar *inbuf)
 {
 	const guchar *in = inbuf;
-	guchar *out = outbuf;
+	gchar *out = outbuf;
 	JISState state = JIS_ASCII;
 
-	while (*in != '\0') {
+	while (*in != '\0' && (out - outbuf) < outlen - 3) {
 		if (IS_ASCII(*in)) {
 			K_OUT();
 			*out++ = *in++;
@@ -380,9 +380,9 @@ static gint conv_euctojis(gchar *outbuf, gint outlen, const gchar *inbuf)
 static gint conv_sjistoeuc(gchar *outbuf, gint outlen, const gchar *inbuf)
 {
 	const guchar *in = inbuf;
-	guchar *out = outbuf;
+	gchar *out = outbuf;
 
-	while (*in != '\0') {
+	while (*in != '\0' && (out - outbuf) < outlen - 3) {
 		if (IS_ASCII(*in)) {
 			*out++ = *in++;
 		} else if (issjiskanji1(*in)) {
-- 
2.25.1