PATCH: fix a memory leak and potential heap corruption when rotating lines

[Roman Perepelitsa <roman.perepelitsa@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 496 bytes --]

I've bumped into this code accidentally while trying to do something
unrelated. It looks wrong to me although there is a good chance I'm
misreading it. I'm attaching a patch that either fixes two bugs,
introduces two new bugs, or does something in between. I'll appreciate
if someone more experienced can take a look at it.

All test pass with this patch and my zsh seems to work fine. I haven't
verified that this code actually runs either during testing or when
I'm using zsh normally.

Roman.

[-- Attachment #2: fix-rotate-lines.patch.txt --]
[-- Type: text/plain, Size: 793 bytes --]

diff --git a/Src/Zle/zle_refresh.c b/Src/Zle/zle_refresh.c
index 7cc338ab1..85e55e0d4 100644
--- a/Src/Zle/zle_refresh.c
+++ b/Src/Zle/zle_refresh.c
@@ -1652,7 +1652,7 @@ zrefresh(void)
 		zfree(obuf[iln], (winw + 2) * sizeof(**obuf));
 		for (t0 = iln; t0 != olnct; t0++)
 		    obuf[t0] = obuf[t0 + 1];
-		obuf[olnct--] = NULL;
+		obuf[--olnct] = NULL;
 	    }
 	/* don't try to insert a line if olnct = vmaxln (vmaxln is the number
 	   of lines that have been displayed by this routine) so that we don't
@@ -1662,7 +1662,6 @@ zrefresh(void)
 		     obuf[iln] && !ZR_strncmp(obuf[iln], nbuf[iln + 1], 16)) {
 		moveto(iln, 0);
 		tcout(TCINSLINE);
-		zfree(obuf[olnct], (winw + 2) * sizeof(**obuf));
 		for (t0 = olnct; t0 != iln; t0--)
 		    obuf[t0] = obuf[t0 - 1];
 		obuf[iln] = NULL;