Fix sloppy bound checking in `string-{ref,set!}' with the empty string.

* libguile/strings.c (scm_string_ref): Add proper range checking for the
  empty string.
  (scm_string_set_x): Likewise.
  Reported by Bill Schottstaedt <bil@ccrma.Stanford.EDU>.

* test-suite/tests/strings.test ("string-ref"): New test prefix.
  ("string-set!")["empty string", "empty string and non-zero index",
  "out of range", "negative index", "regular string"]: New tests.

* NEWS: Update.

NEWS

@@ -47,6 +47,7 @@ available: Guile is now always configured in "maintainer mode".
    dynamic environment of the call to `raise'
 ** Fix potential deadlock in `make-struct'
 ** Fix compilation problem with libltdl from Libtool 2.2.x
+** Fix sloppy bound checking in `string-{ref,set!}' with the empty string
 
 
 Changes in 1.8.5 (since 1.8.4)

libguile/strings.c

@@ -670,10 +670,17 @@ SCM_DEFINE (scm_string_ref, "string-ref", 2, 0, 0,
 	    "indexing. @var{k} must be a valid index of @var{str}.")
 #define FUNC_NAME s_scm_string_ref
 {
+  size_t len;
   unsigned long idx;
 
   SCM_VALIDATE_STRING (1, str);
-  idx = scm_to_unsigned_integer (k, 0, scm_i_string_length (str)-1);
+
+  len = scm_i_string_length (str);
+  if (SCM_LIKELY (len > 0))
+    idx = scm_to_unsigned_integer (k, 0, len - 1);
+  else
+    scm_out_of_range (NULL, k);
+
   return SCM_MAKE_CHAR (scm_i_string_chars (str)[idx]);
 }
 #undef FUNC_NAME
@@ -693,10 +700,17 @@ SCM_DEFINE (scm_string_set_x, "string-set!", 3, 0, 0,
 	    "@var{str}.")
 #define FUNC_NAME s_scm_string_set_x
 {
+  size_t len;
   unsigned long idx;
 
   SCM_VALIDATE_STRING (1, str);
-  idx = scm_to_unsigned_integer (k, 0, scm_i_string_length(str)-1);
+
+  len = scm_i_string_length (str);
+  if (SCM_LIKELY (len > 0))
+    idx = scm_to_unsigned_integer (k, 0, len - 1);
+  else
+    scm_out_of_range (NULL, k);
+
   SCM_VALIDATE_CHAR (3, chr);
   {
     char *dst = scm_i_string_writable_chars (str);

test-suite/tests/strings.test

@@ -1,7 +1,7 @@
 ;;;; strings.test --- test suite for Guile's string functions    -*- scheme -*-
 ;;;; Jim Blandy <jimb@red-bean.com> --- August 1999
 ;;;;
-;;;; Copyright (C) 1999, 2001, 2004, 2005, 2006 Free Software Foundation, Inc.
+;;;; Copyright (C) 1999, 2001, 2004, 2005, 2006, 2008 Free Software Foundation, Inc.
 ;;;; 
 ;;;; This program is free software; you can redistribute it and/or modify
 ;;;; it under the terms of the GNU General Public License as published by
@@ -160,15 +160,62 @@
     (eq? (char-ci>=? (integer->char 0) (integer->char 255))
 	 (string-ci>=? (string-ints 0) (string-ints 255)))))
 
+;;
+;; string-ref
+;;
+
+(with-test-prefix "string-ref"
+
+  (pass-if-exception "empty string"
+    exception:out-of-range
+    (string-ref "" 0))
+
+  (pass-if-exception "empty string and non-zero index"
+    exception:out-of-range
+    (string-ref "" 123))
+
+  (pass-if-exception "out of range"
+    exception:out-of-range
+    (string-ref "hello" 123))
+
+  (pass-if-exception "negative index"
+    exception:out-of-range
+    (string-ref "hello" -1))
+
+  (pass-if "regular string"
+    (char=? (string-ref "GNU Guile" 4) #\G)))
+
 ;;
 ;; string-set!
 ;;
 
 (with-test-prefix "string-set!"
 
+  (pass-if-exception "empty string"
+    exception:out-of-range
+    (string-set! (string-copy "") 0 #\x))
+
+  (pass-if-exception "empty string and non-zero index"
+    exception:out-of-range
+    (string-set! (string-copy "") 123 #\x))
+
+  (pass-if-exception "out of range"
+    exception:out-of-range
+    (string-set! (string-copy "hello") 123 #\x))
+
+  (pass-if-exception "negative index"
+    exception:out-of-range
+    (string-set! (string-copy "hello") -1 #\x))
+
   (pass-if-exception "read-only string"
     exception:read-only-string
-    (string-set! (substring/read-only "abc" 0) 1 #\space)))
+    (string-set! (substring/read-only "abc" 0) 1 #\space))
+
+  (pass-if "regular string"
+    (let ((s (string-copy "GNU guile")))
+      (string-set! s 4 #\G)
+      (char=? (string-ref s 4) #\G))))
+
 
 (with-test-prefix "string-split"