From 8f0185c58df244d4cf42b213771693d2f0f47bdb Mon Sep 17 00:00:00 2001
From: Xavier Leroy <xavier.leroy@inria.fr>
Date: Sun, 28 Mar 2010 08:16:45 +0000
Subject: [PATCH] PR#5004: overflow in Buffer.add_channel

git-svn-id: http://caml.inria.fr/svn/ocaml/trunk@10216 f963ae5c-01c2-4b8c-9fe0-0dff7051ff02
---
 Changes          | 1 +
 stdlib/buffer.ml | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/Changes b/Changes
index 9430f42ee..2cd2c38de 100644
--- a/Changes
+++ b/Changes
@@ -58,6 +58,7 @@ Standard library:
 
 Bug Fixes:
 - PR#4775: compiler crash on crazy types (temporary fix)
+- PR#5004: problem in Buffer.add_channel with very large lengths.
 - PR#5008: on AMD64/MSVC port, rare float corruption during GC.
 
 Objective Caml 3.11.2:
diff --git a/stdlib/buffer.ml b/stdlib/buffer.ml
index 088840981..9327aaefb 100644
--- a/stdlib/buffer.ml
+++ b/stdlib/buffer.ml
@@ -100,6 +100,8 @@ let add_buffer b bs =
   add_substring b bs.buffer 0 bs.position
 
 let add_channel b ic len =
+  if len < 0 || len > Sys.max_string_length then   (* PR#5004 *)
+    invalid_arg "Buffer.add_channel";
   if b.position + len > b.length then resize b len;
   really_input ic b.buffer b.position len;
   b.position <- b.position + len