* Bug #15213, #18635: The use of the insecure m_scratch() and

[mmh] / uip / scansbr.c

diff --git a/uip/scansbr.c b/uip/scansbr.c
index 6a9278b..c5f0329 100644 (file)
--- a/uip/scansbr.c
+++ b/uip/scansbr.c
@@ -81,11 +81,11 @@ scan (FILE *inb, int innum, int outnum, char *nfs, int width, int curflg,
     int i, compnum, encrypted, state;
     unsigned char *cp, *tmpbuf;
     char **nxtbuf;
-    char *saved_c_text;
+    char *saved_c_text = NULL;
     struct comp *cptr;
     struct comp **savecomp;
-    char *scnmsg;
-    FILE *scnout;
+    char *scnmsg = NULL;
+    FILE *scnout = NULL;
     char name[NAMESZ];
     static int rlwidth, slwidth;
 
@@ -256,6 +256,8 @@ body:;
                while (state == BODY) {
 #ifdef LINUX_STDIO
                    if (scnout->_IO_write_ptr == scnout->_IO_write_end) {
+#elif defined(__DragonFly__)
+                   if (((struct __FILE_public *)scnout)->_w <= 0) {
 #else
                    if (scnout->_cnt <= 0) {
 #endif
@@ -266,6 +268,10 @@ body:;
                    state = m_getfld(state, name, scnout->_IO_write_ptr,
                        (long)scnout->_IO_write_ptr-(long)scnout->_IO_write_end , inb);
                    scnout->_IO_write_ptr += msg_count;
+#elif defined(__DragonFly__)
+                   state = m_getfld( state, name, ((struct __FILE_public *)scnout)->_p, -(((struct __FILE_public *)scnout)->_w), inb );
+                   ((struct __FILE_public *)scnout)->_w -= msg_count;
+                   ((struct __FILE_public *)scnout)->_p += msg_count;
 #else
                    state = m_getfld( state, name, scnout->_ptr, -(scnout->_cnt), inb );
                    scnout->_cnt -= msg_count;