From cc5d5d573c17e6878b6802e8feac0dcfd0a1cf09 Mon Sep 17 00:00:00 2001
From: Alex Shinn <ashinn@users.noreply.github.com>
Date: Mon, 12 Dec 2011 09:37:58 +0900
Subject: [PATCH] string-ref and string-set! will raise an error on the
 trailing null byte.

---
 eval.c | 4 ++++
 sexp.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/eval.c b/eval.c
index 59a0e7ca..721420ba 100644
--- a/eval.c
+++ b/eval.c
@@ -1469,6 +1469,8 @@ sexp sexp_string_utf8_index_ref (sexp ctx, sexp self, sexp_sint_t n, sexp str, s
   sexp_assert_type(ctx, sexp_fixnump, SEXP_FIXNUM, i);
   off = sexp_string_index_to_offset(ctx, self, n, str, i);
   if (sexp_exceptionp(off)) return off;
+  if (sexp_unbox_fixnum(off) >= sexp_string_length(str))
+    return sexp_user_exception(ctx, self, "string-ref: index out of range", i);
   return sexp_string_utf8_ref(ctx, str, off);
 }
 
@@ -1522,6 +1524,8 @@ sexp sexp_string_utf8_index_set (sexp ctx, sexp self, sexp_sint_t n, sexp str, s
   sexp_assert_type(ctx, sexp_charp, SEXP_CHAR, ch);
   off = sexp_string_index_to_offset(ctx, self, n, str, i);
   if (sexp_exceptionp(off)) return off;
+  if (sexp_unbox_fixnum(off) >= sexp_string_length(str))
+    return sexp_user_exception(ctx, self, "string-set!: index out of range", i);
   sexp_string_utf8_set(ctx, str, off, ch);
   return SEXP_VOID;
 }
diff --git a/sexp.c b/sexp.c
index e5ea24d7..ee56b9a1 100644
--- a/sexp.c
+++ b/sexp.c
@@ -894,7 +894,7 @@ sexp sexp_string_index_to_offset (sexp ctx, sexp self, sexp_sint_t n, sexp str,
   limit = sexp_string_length(str);
   for (j=0, i=sexp_unbox_fixnum(index); i>0 && j<limit; i--)
     j += sexp_utf8_initial_byte_count(p[j]);
-  if (i>0)
+  if (i != 0)
     return sexp_user_exception(ctx, self, "string-index->offset: index out of range", index);
   return sexp_make_fixnum(j);
 }