From 84681e5d410cace6dac2874e7e602ab1848c0d89 Mon Sep 17 00:00:00 2001
From: Kristaps Dzonsons <kristaps@bsd.lv>
Date: Mon, 18 Aug 2014 21:07:53 +0000
Subject: Control reading off the edge of our buffer in term_flushln(). This
 happens in specific conditions (trailing whitespace in certain terminal
 modes), but in practise, it happens quite often (as reported by valgrind). In
 short, "Nothing about term_flushln() is simple.  Srsly!" (schwarze@)
 Discussed on tech@, ok schwarze@.

---
 term.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/term.c b/term.c
index ed268e56..da1f20c9 100644
--- a/term.c
+++ b/term.c
@@ -1,4 +1,4 @@
-/*	$Id: term.c,v 1.227 2014/08/10 23:54:41 schwarze Exp $ */
+/*	$Id: term.c,v 1.228 2014/08/18 21:07:53 kristaps Exp $ */
 /*
  * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2010-2014 Ingo Schwarze <schwarze@openbsd.org>
@@ -220,7 +220,7 @@ term_flushln(struct termp *p)
 				break;
 			if (' ' == p->buf[i]) {
 				j = i;
-				while (' ' == p->buf[i])
+				while (i < p->col && ' ' == p->buf[i])
 					i++;
 				dv = (i - j) * (*p->width)(p, ' ');
 				vbl += dv;
-- 
cgit v1.2.3-56-ge451