Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site lzwi.UUCP
Path: utzoo!watmath!clyde!cbosgd!ihnp4!lzwi!mkg
From: mkg@lzwi.UUCP (M.GOSNELL)
Newsgroups: net.news.b
Subject: bug in 2.10.3 4.3bsd-beta
Message-ID: <359@lzwi.UUCP>
Date: Wed, 16-Oct-85 17:20:20 EDT
Article-I.D.: lzwi.359
Posted: Wed Oct 16 17:20:20 1985
Date-Received: Fri, 18-Oct-85 00:47:39 EDT
Organization: AT&T Information Systems, Lincroft
Lines: 48

There's a bug in rfuncs.c that can, if conditions are right, cause
readnews and vnews to constantly core dump.  The problem is that the
BITMAPSIZE is one too small and, depending on the value, can cause bitmap
to be one character too small.

The fix is that BITMAPSIZE should be high - low + 1 to include both ends
of the article id range rather than just high - low.  Below is a context
diff of my fix.
   Marsh Gosnell


*** orfuncs.c	Tue Jun 11 17:53:16 1985
--- rfuncs.c	Mon Oct 14 19:25:46 1985
***************
*** 171,177
   * holes), and so we assume the newsrc file is properly ordered, the way
   * we write it out.
   */
! 	if ((ngsize-minartno) > BITMAPSIZE) {
  		/* This should never happen */
  		(void) xerror(" Bitmap not large enough for newsgroup %s", groupdir);
  	}

--- 171,177 -----
   * holes), and so we assume the newsrc file is properly ordered, the way
   * we write it out.
   */
! 	if ((ngsize-minartno) >= BITMAPSIZE) {
  		/* This should never happen */
  		(void) xerror(" Bitmap not large enough for newsgroup %s", groupdir);
  	}
***************
*** 670,675
  #endif /* SORTACTIVE */
  	}
  	(void) fclose(afp);
  	BITMAPSIZE =  8 * ((BITMAPSIZE+7) / 8);
  	bitmap = malloc((unsigned)BITMAPSIZE/8);
  	if (bitmap == NULL)

--- 670,676 -----
  #endif /* SORTACTIVE */
  	}
  	(void) fclose(afp);
+ 	BITMAPSIZE++;	/* remember that size includes both ends */
  	BITMAPSIZE =  8 * ((BITMAPSIZE+7) / 8);
  	bitmap = malloc((unsigned)BITMAPSIZE/8);
  	if (bitmap == NULL)