From fd88bd7cc206692f027be124df69385194e9ea54 Mon Sep 17 00:00:00 2001
From: Jim Blandy <jimb@red-bean.com>
Date: Sun, 6 Sep 1998 18:15:19 +0000
Subject: [PATCH] * gh_data.c (gh_set_substr): Add casts to avoid
 signed/unsigned comparisons, and range checking to make sure those casts are
 harmless.

---
 libguile/gh_data.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/libguile/gh_data.c b/libguile/gh_data.c
index 13388bd2c..0282c2c45 100644
--- a/libguile/gh_data.c
+++ b/libguile/gh_data.c
@@ -102,16 +102,20 @@ void
 gh_set_substr (char *src, SCM dst, int start, int len)
 {
   char *dst_ptr;
-  unsigned long dst_len, effective_length;
+  unsigned long dst_len;
+  unsigned long effective_length;
 
   SCM_ASSERT (SCM_NIMP (dst) && SCM_STRINGP (dst), dst, SCM_ARG3,
 	      "gh_set_substr");
-  scm_protect_object (dst);
+
   dst_ptr = SCM_CHARS (dst);
   dst_len = SCM_LENGTH (dst);
-  effective_length = (len < dst_len) ? len : dst_len;
-  memcpy (dst_ptr + start, src, effective_length);
-  /* FIXME: must signal an error if len > dst_len */
+  SCM_ASSERT (len >= 0 && (unsigned) len <= dst_len,
+	      dst, SCM_ARG4, "gh_set_substr");
+  
+  scm_protect_object (dst);
+  effective_length = ((unsigned) len < dst_len) ? len : dst_len;
+  memmove (dst_ptr + start, src, effective_length);
   scm_unprotect_object (dst);
 }