From c92b4704d0b650880a7d31f0996b65e675702168 Mon Sep 17 00:00:00 2001
From: nathancorvussolis <nathancorvussolis@gmail.com>
Date: Fri, 4 Mar 2016 17:16:27 +0900
Subject: [PATCH] Fix binary search midpoint overflow

---
 crvskkserv.sln                   |  4 +--
 crvskkserv/search_dictionary.cpp | 42 ++++++++++++++++----------------
 2 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/crvskkserv.sln b/crvskkserv.sln
index a242e04..72ee8a2 100644
--- a/crvskkserv.sln
+++ b/crvskkserv.sln
@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Express 2013 for Windows Desktop
-VisualStudioVersion = 12.0.30501.0
+# Visual Studio 2013
+VisualStudioVersion = 12.0.40629.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crvskkserv", "crvskkserv\crvskkserv.vcxproj", "{EE56E58B-C54E-425C-A0AF-292B4653B1F0}"
 EndProject
diff --git a/crvskkserv/search_dictionary.cpp b/crvskkserv/search_dictionary.cpp
index cb1d5e6..1d771ed 100644
--- a/crvskkserv/search_dictionary.cpp
+++ b/crvskkserv/search_dictionary.cpp
@@ -22,7 +22,7 @@ void init_search_dictionary(DICINFO &dicinfo)
 	_wfopen_s(&fpidx, idxpath, RB);
 	if(fpidx != NULL)
 	{
-		while(fread(&pos, 4, 1, fpidx) == 1)
+		while(fread(&pos, sizeof(pos), 1, fpidx) == 1)
 		{
 			dicinfo.pos.push_back(pos);
 		}
@@ -44,7 +44,7 @@ void init_search_dictionary(DICINFO &dicinfo)
 
 		while((pb = fgets(buf, sizeof(buf), fpdic)) != NULL)
 		{
-			sbuf.append(buf);
+			sbuf += buf;
 
 			if(!sbuf.empty() && sbuf.back() == '\n')
 			{
@@ -67,7 +67,8 @@ void init_search_dictionary(DICINFO &dicinfo)
 		}
 		else if(okuri != -1)
 		{
-			if((pidx = sbuf.find_first_of('\x20')) != std::string::npos)
+			pidx = sbuf.find("\x20/");
+			if(pidx != std::string::npos && pidx <= sbuf.size())
 			{
 				map.insert(PAIR(sbuf.substr(0, pidx), pos));
 			}
@@ -107,10 +108,8 @@ void search_dictionary(DICINFO &dicinfo, const std::string &key, std::string &s)
 {
 	FILE *fpdic;
 	CHAR buf[DICBUFSIZE];
-	std::string sbuf, ckey;
+	std::string ckey, sbuf, kbuf, cbuf;
 	long pos, left, mid, right;
-	int comp;
-	size_t pidx;
 	
 	_wfopen_s(&fpdic, dicinfo.path.c_str(), RB);
 	if(fpdic == NULL)
@@ -121,17 +120,17 @@ void search_dictionary(DICINFO &dicinfo, const std::string &key, std::string &s)
 	ckey = key + "\x20";
 
 	left = 0;
-	right = dicinfo.pos.size() - 1;
+	right = (long)dicinfo.pos.size() - 1;
 
 	while(left <= right)
 	{
-		mid = (left + right) / 2;
-		pos = dicinfo.pos.at(mid);
-
+		mid = left + (right - left) / 2;
+		pos = dicinfo.pos[mid];
 		fseek(fpdic, pos, SEEK_SET);
-		memset(buf, 0, sizeof(buf));
 		
 		sbuf.clear();
+		kbuf.clear();
+		cbuf.clear();
 
 		while(fgets(buf, _countof(buf), fpdic) != NULL)
 		{
@@ -143,19 +142,20 @@ void search_dictionary(DICINFO &dicinfo, const std::string &key, std::string &s)
 			}
 		}
 
-		comp = strncmp(ckey.c_str(), sbuf.c_str(), ckey.size());
-		if(comp == 0)
+		size_t cidx = sbuf.find("\x20/");
+		if(cidx != std::wstring::npos && cidx < sbuf.size())
 		{
-			if((pidx = sbuf.find_first_of('\x20')) != std::string::npos)
-			{
-				if((pidx = sbuf.find_first_of('/', pidx)) != std::string::npos)
-				{
-					s = sbuf.substr(pidx);
-				}
-			}
+			kbuf = sbuf.substr(0, cidx + 1);
+			cbuf = sbuf.substr(cidx + 1);
+		}
+
+		int cmpkey = ckey.compare(kbuf);
+		if(cmpkey == 0)
+		{
+			s = cbuf;
 			break;
 		}
-		else if(comp > 0)
+		else if(cmpkey > 0)
 		{
 			left = mid + 1;
 		}