From c5b2463de49dd29feb648454afc17ec7549e1b39 Mon Sep 17 00:00:00 2001
From: ~hatteb-mitlyd
Date: Fri, 9 May 2014 12:45:41 -0700
Subject: [PATCH] Revert "Revert "fix rub to crash gracefully upon decoding invalid data""

This reverts commit 8c87faf180e00c582b01f7c4e82b77b17933596a. The previous use-after-free fix appears to alleviate the crash "caused" by this code.
---
gen164/5/rub.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/gen164/5/rub.c b/gen164/5/rub.c
index d23e5d2777..923780ea5e 100644
--- a/gen164/5/rub.c
+++ b/gen164/5/rub.c
@@ -16,6 +16,8 @@ u2_atom w, x, y, z; u2_atom p, q; + u2_atom m = j2_mbc(Pt1, add)(wir_r, a, u2_met(0, b)); + // Compute c and d. { x = u2_rx(wir_r, a);
@@ -23,6 +25,12 @@ while ( _0 == j2_mbc(Pt3, cut)(wir_r, _0, x, _1, b) ) { u2_atom y = j2_mbc(Pt1, inc)(wir_r, x); + // Sanity check: crash if decoding more bits than available + if ( u2_yes == j2_mbc(Pt1, gth)(wir_r, x, m)) { + // fprintf(stderr, "[%%rub-hard %d %d %d]\r\n", a, x, m); + return u2_bl_bail(wir_r, c3__exit); + } + u2_rz(wir_r, x); x = y; }
@@ -77,6 +85,6 @@ */ u2_ho_jet j2_mbj(Pt5, rub)[] = { - { ".2", c3__hevy, j2_mb(Pt5, rub), Tier3, u2_none, u2_none }, + { ".2", c3__hevy, j2_mb(Pt5, rub), Tier5, u2_none, u2_none }, { } };
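Review bot: The atom `m` created by the added `j2_mbc(Pt1, add)` call in the first hunk has no matching `u2_rz(wir_r, m)` in any visible hunk, although `x` is released that way inside the loop. The function body continues outside the hunks, so please confirm that `m` is released on every normal return path. Given that the commit message ties the earlier revert to a use-after-free, the ownership of this new atom is worth stating next to the declaration. A comment such as `// m: largest bit offset a valid encoding can reach (a plus the size u2_met(0, b) reports); released before return` would record both the bound and the lifetime.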
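Review bot: The early `return u2_bl_bail(wir_r, c3__exit);` in the second hunk exits with `x` and the freshly created `y` still held, while the normal path below it releases `x` with `u2_rz`. Whether `u2_bl_bail` reclaims them on unwind is not visible here; if it does not, every malformed input that trips the check leaks references, which matters for a decoder fed untrusted data. Moving the `gth` test above the `inc` call would mean `y` is never allocated on the failing path, and `u2_rz(wir_r, x);` before the bail would cover the rest. The commented-out `fprintf` is dead code and would be better removed or put behind a debug switch. The loop and the enclosing function continue outside the hunk.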