From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from Princeton.EDU ([128.112.128.1]) by archone.tamu.edu with SMTP id <45331>; Mon, 17 Feb 1992 20:13:12 -0600
Received: from and.Princeton.EDU by Princeton.EDU (5.65b/2.85/princeton) id AA27826; Mon, 17 Feb 92 21:12:55 -0500
Received: by math.princeton.edu (4.0/1.110) id AA10506; Mon, 17 Feb 92 21:12:52 EST
Date: Mon, 17 Feb 1992 20:12:52 -0600
Message-Id: <9202180212.AA10506@math.princeton.edu>
From: rjc@math.Princeton.EDU
To: rc@archone.tamu.edu
Subject: Bug in Simmy's readline replacement (with patch)

This one took me two days to track down.

edit/editline.c, function insert_string:

Change

	if ((el_end + len) > el_length)

to

	if ((el_end + len + 1) > el_length)

or more efficiently,

	if ((el_end + len) >= el_length)

Simmy forgot to count the trailing 0 that terminates a string.
Without this, we end up storing a 0 past the end of our allocated
block, stomping on the malloc arena, and causing weird crashes in
weird places at unspecified points in the future.

(Sorry, no context diff since I had to hack up other stuff to get
rc to run on my bizarre box that doesn't deserve the name UNIX.)
--
Raymond ``What a ripoff. I bust my butt day in and day out...''
Chen (Only Brendan will get the quote ref.)
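The boundary case described in the message, as an added example that is not part of the original mail or of rc's editline.c. The names el_end, el_length and len follow the message; struct line, the helper functions, the append-only insert and the doubling growth policy are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the editor's line buffer. */
struct line {
    char  *buf;
    size_t el_end;     /* bytes of text stored, terminator not counted */
    size_t el_length;  /* bytes allocated for buf */
};

/* Check as quoted before the fix: the terminating 0 is not counted. */
static int needs_grow_buggy(const struct line *l, size_t len) { return (l->el_end + len) > l->el_length; }

/* Corrected check from the message: text plus terminating 0 must fit. */
static int needs_grow_fixed(const struct line *l, size_t len) { return (l->el_end + len) >= l->el_length; }

/* Bytes the insert writes in total: the text plus one trailing 0. */
static size_t bytes_needed(const struct line *l, size_t len) { return l->el_end + len + 1; }

/* Append s using the fixed check; returns 0 on success, -1 on allocation failure. */
static int insert_string(struct line *l, const char *s) {
    size_t len = strlen(s);
    if (needs_grow_fixed(l, len)) {
        size_t want = bytes_needed(l, len) * 2;  /* growth policy is an assumption */
        char *p = realloc(l->buf, want);
        if (p == NULL) return -1;
        l->buf = p;
        l->el_length = want;
    }
    memcpy(l->buf + l->el_end, s, len);
    l->el_end += len;
    l->buf[l->el_end] = '\0';  /* the byte the old check never reserved */
    return 0;
}

/* Constructed boundary: 8-byte block, 5 bytes used, 3 inserted.
   The old check sees 8 > 8 as false, yet 9 bytes are written. */
static int boundary_case_overflows_with_old_check(void) {
    struct line l = { NULL, 5, 8 };
    return !needs_grow_buggy(&l, 3) && bytes_needed(&l, 3) > l.el_length;
}

int main(void) {
    struct line l = { NULL, 0, 0 };
    int rc = insert_string(&l, "hello") || insert_string(&l, "abc");
    free(l.buf);
    return rc || !boundary_case_overflows_with_old_check();
}
```

The overflow only occurs when the inserted text exactly fills the block, which is why it surfaces as rare heap corruption rather than an immediate crash; building with AddressSanitizer reports the single out-of-bounds byte at the write itself.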