fix another memory corruption problem in display_string() found by

valgrind

git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@2598 35c25a1d-7b9e-4130-9fde-d3aeb78583b8

diff --git a/ChangeLog b/ChangeLog
index d70544a412345c8214c38a265c2a6bca928c1a97..136d3be72691070507d93d5da306f9fe77d947fb 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -141,6 +141,9 @@ CVS code -
   do_statusbar_output()
        - Don't set answer_len until after it's been asserted that
          answer isn't NULL. (DLR)
+  display_string()
+       - Avoid a memory corruption problem by allocating enough space
+         for len plus a trailing multibyte character and/or tab. (DLR)
   nanogetstr()
        - Rename variable def to curranswer to avoid confusion. (DLR)
        - Only declare and use the tabbed variable if DISABLE_TABCOMP

diff --git a/src/winio.c b/src/winio.c
index 22128bd614bae990a638b9dbd3b96896d7d2b286..865c514ae3fabc8ba366e6b55af381c51e37d8d9 100644 (file)
--- a/src/winio.c
+++ b/src/winio.c
@@ -2254,9 +2254,9 @@ char *display_string(const char *buf, size_t start_col, size_t len, bool
 
     assert(column <= start_col);
 
-    /* Allocate enough space for the entire line.  It should contain
-     * (len + 2) multibyte characters at most. */
-    alloc_len = mb_cur_max() * (len + 2);
+    /* Allocate enough space for the entire line, accounting for a
+     * trailing multibyte character and/or tab. */
+    alloc_len = (mb_cur_max() * (len + 1)) + tabsize;
 
     converted = charalloc(alloc_len + 1);
     index = 0;