Control reading off the edge of our buffer in term_flushln().

This happens in specific conditions (trailing whitespace in certain terminal modes), but in practise, it happens quite often (as reported by valgrind). In short, "Nothing about term_flushln() is simple. Srsly!" (schwarze@) Discussed on tech@, ok schwarze@.
author: Kristaps Dzonsons <kristaps@bsd.lv> 2014-08-18 21:07:53 +0000
committer: Kristaps Dzonsons <kristaps@bsd.lv> 2014-08-18 21:07:53 +0000
commit: 84681e5d410cace6dac2874e7e602ab1848c0d89 (patch)
tree: 132f792c39280d07781ec4c835e2798746b01fa4 /term.c
parent: b1980ad8f95c0b32e91275767b1c1d14b4249195 (diff)
download: mandoc-84681e5d410cace6dac2874e7e602ab1848c0d89.tar.gz
mandoc-84681e5d410cace6dac2874e7e602ab1848c0d89.tar.zst
mandoc-84681e5d410cace6dac2874e7e602ab1848c0d89.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/term.c b/term.c
index ed268e56..da1f20c9 100644
--- a/term.c
+++ b/term.c
@@ -1,4 +1,4 @@
-/*	$Id: term.c,v 1.227 2014/08/10 23:54:41 schwarze Exp $ */
+/*	$Id: term.c,v 1.228 2014/08/18 21:07:53 kristaps Exp $ */
 /*
  * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2010-2014 Ingo Schwarze <schwarze@openbsd.org>
@@ -220,7 +220,7 @@ term_flushln(struct termp *p)
 				break;
 			if (' ' == p->buf[i]) {
 				j = i;
-				while (' ' == p->buf[i])
+				while (i < p->col && ' ' == p->buf[i])
 					i++;
 				dv = (i - j) * (*p->width)(p, ' ');
 				vbl += dv;
author	Kristaps Dzonsons <kristaps@bsd.lv>	2014-08-18 21:07:53 +0000
committer	Kristaps Dzonsons <kristaps@bsd.lv>	2014-08-18 21:07:53 +0000
commit	84681e5d410cace6dac2874e7e602ab1848c0d89 (patch)
tree	132f792c39280d07781ec4c835e2798746b01fa4 /term.c
parent	b1980ad8f95c0b32e91275767b1c1d14b4249195 (diff)
download	mandoc-84681e5d410cace6dac2874e7e602ab1848c0d89.tar.gz mandoc-84681e5d410cace6dac2874e7e602ab1848c0d89.tar.zst mandoc-84681e5d410cace6dac2874e7e602ab1848c0d89.zip