Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!think!harvard!seismo!mcvax!ukc!iau
From: iau@ukc.ac.uk (I.A.Utting)
Newsgroups: net.text,net.bugs
Subject: Re: DWB tbl bug!! HELP
Message-ID: <711@eagle.ukc.ac.uk>
Date: Thu, 6-Feb-86 09:54:12 EST
Article-I.D.: eagle.711
Posted: Thu Feb  6 09:54:12 1986
Date-Received: Sun, 9-Feb-86 06:52:44 EST
References: <98@calgary.UUCP> <121@mm730.uq.OZ>
Reply-To: iau@ukc.UUCP (I.A.Utting)
Distribution: net
Organization: U of Kent at Canterbury, Canterbury, UK
Lines: 21
Xref: watmath net.text:927 net.bugs:739

In article <121@mm730.uq.OZ> probe@mm730.UUCP writes:
>The problem arises when something scribbles 4 bytes into the input
>buffer of (FILE *)tabin.
>It occurs during the call to frearr() after the first table finishes printing
>when the alloc'd memory is freed.
>I think the problem is caused by the allocation at line 291 of t4.c
>in routine garray() and the problem seems to have gone away by increasing
>the allocation to 'sep' by one int.:
>	sep = (int *) getcore(qcol+2, sizeof(int));
>	sep++; /* sep[-1] must be legal */
> ....

Although we don't use DWB tbl, I've fixed this problem in the early-ditroff
version we do use, the problem might be the same.

Check out the code that frees sep. I guess you'll find that it does just
that. It should of course free --sep. This is an EXTREMELY DIRTY FIX. Use
your imagination to make it tidier.

		Ian Utting	iau@ukc.uucp