From Paul Fox - don't walk past end of buf when prescanning bogus GPX.

diff --git a/gpsbabel/gpx.c b/gpsbabel/gpx.c
index 4e7c841f25119e82aedefd8778f252163f3c6142..2be37b87fd7813353f2dbdafb9994641d6211ad9 100644 (file)
--- a/gpsbabel/gpx.c
+++ b/gpsbabel/gpx.c
@@ -1023,6 +1023,7 @@ gpx_read(void)
        int done = 0;
        char *buf = xmalloc(MY_CBUF_SZ);
        int result = 0;
+       int extra;
 
        while (!done) {
                if ( fd ) {
@@ -1047,7 +1048,8 @@ gpx_read(void)
                        buf[len] = '\0';
                        badchar = buf+len-maxentlength;
                        badchar = strchr( badchar, '&' );
-                       while ( badchar ) {
+                       extra = maxentlength - 1; /* for terminator */
+                       while ( badchar && len < MY_CBUF_SZ-1) {
                                int extra = maxentlength-1; /* for terminator */
                                semi = strchr( badchar, ';');
                                while ( extra && !semi ) {