Open
Description
I found a segmentation fault with the following operation.
("man gcc" is large enough to cause a segmentation fault in this case. :) )
```
$ hw --version
highway version 1.1.0
$ man gcc | hw hoge
Segmentation fault (core dumped)
$ man gcc | wc
15597 101199 822142
```
It seems that the "search" function has an out-of-bounds access to an array.
Please check the following.
The segmentation fault happens in line 424.
The "read_sum" can become larger than NMAX by the addition in line 416.
```c
392 int search(int fd,
393            const char *pattern,
394            int pattern_len,
395            enum file_type t,
396            match_line_list *match_lines,
397            int thread_no)
398 {
399     char eol = '\n';
400     size_t line_count = 0;
401     size_t read_sum = 0;
402     size_t n = NMAX;
403     ssize_t read_len;
404     int buf_offset = 0;
405     int match_count = 0;
406     bool do_search = false;
407     char *buf = (char *)hw_calloc(n + 1, SIZE_OF_CHAR);
408     char *last_new_line_scan_pos = buf;
409     char *last_line_end;
410
411     if (!op.use_regex) {
412         prepare_fjs(pattern, pattern_len, t);
413     }
414
415     while ((read_len = read(fd, buf + buf_offset, NMAX)) > 0) {
416         read_sum += read_len;
417
418         // Search end position of the last line in the buffer. We search from the first position
419         // and end position of the last line.
420         size_t search_len;
421         if (read_len < NMAX) {
422             last_line_end = buf + read_sum;
423             search_len = read_sum;
424             buf[read_sum] = eol;
425         } else {
```
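The index arithmetic reported above, replayed as an added example (not code from the issue or from the highway project): it reads from a pipe the way `hw` does in the reproduction and returns the first `read_sum` that would index past the `NMAX + 1`-byte buffer, without performing the write. `DEMO_NMAX`, `first_oob_index` and `replay_pipe` are hypothetical names, and 2048 is an assumed value because the page does not give `NMAX`.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define DEMO_NMAX 2048 /* assumed; the page does not give the value of NMAX */

/* Replays the visible lines 415-424 on fd. Returns the first read_sum that
 * would index past a (DEMO_NMAX + 1)-byte buffer, or 0 if every terminator
 * write stays in bounds. buf_offset is left at 0 because the code that
 * updates it is not shown in the report. No out-of-bounds write is made. */
size_t first_oob_index(int fd)
{
    char buf[DEMO_NMAX + 1];
    size_t read_sum = 0;
    ssize_t read_len;
    while ((read_len = read(fd, buf, DEMO_NMAX)) > 0) {
        read_sum += (size_t)read_len;   /* line 416: total over all reads */
        if (read_len < DEMO_NMAX) {     /* line 421: short read */
            if (read_sum > DEMO_NMAX)   /* valid indices are 0..DEMO_NMAX */
                return read_sum;
            buf[read_sum] = '\n';       /* line 424, in bounds here */
        }
    }
    return 0;
}

/* Hypothetical helper: queue `total` constructed bytes (at most 4096) in a
 * pipe, close the write end, and replay the loop on the read end. */
size_t replay_pipe(size_t total)
{
    static char data[4096];
    int p[2];
    ssize_t w;
    size_t result;
    if (total > sizeof data || pipe(p) != 0)
        return (size_t)-1;
    memset(data, 'a', total);
    w = write(p[1], data, total);
    close(p[1]);
    result = (w == (ssize_t)total) ? first_oob_index(p[0]) : (size_t)-1;
    close(p[0]);
    return result;
}

int main(void)
{
    printf("1000 bytes -> %zu, 3000 bytes -> %zu\n", replay_pipe(1000), replay_pipe(3000));
    return 0;
}
```

Input that fits in one buffer never trips the check; input longer than the buffer does so on the first short read after the running total passes `DEMO_NMAX`.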