From a76386cba793369342a8bb5bb809d74d6158d938 Mon Sep 17 00:00:00 2001
From: Kristaps Dzonsons <kristaps@bsd.lv>
Date: Mon, 18 Aug 2014 21:07:53 +0000
Subject: Control reading off the edge of our buffer in term_flushln(). This
 happens in specific conditions (trailing whitespace in certain terminal
 modes), but in practise, it happens quite often (as reported by valgrind). In
 short, "Nothing about term_flushln() is simple.  Srsly!" (schwarze@)
 Discussed on tech@, ok schwarze@.

---
 term.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'term.c')

diff --git a/term.c b/term.c
index fb00fa62..f1e959a2 100644
--- a/term.c
+++ b/term.c
@@ -220,7 +220,7 @@ term_flushln(struct termp *p)
 				break;
 			if (' ' == p->buf[i]) {
 				j = i;
-				while (' ' == p->buf[i])
+				while (i < p->col && ' ' == p->buf[i])
 					i++;
 				dv = (i - j) * (*p->width)(p, ' ');
 				vbl += dv;
-- 
cgit