Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!think!harvard!seismo!mcvax!ukc!warwick!jeff From: jeff@warwick.UUCP (Jeff Smith) Newsgroups: net.lang.c++ Subject: heap store corruption in C++ release 1 (+fix) Message-ID: <253@ubu.warwick.UUCP> Date: Thu, 10-Apr-86 10:35:32 EST Article-I.D.: ubu.253 Posted: Thu Apr 10 10:35:32 1986 Date-Received: Sat, 12-Apr-86 22:23:21 EST Distribution: net Organization: Computer Science, Warwick University, UK Lines: 32 The following fix to dcl.c corrects an off-by-one error (consider the case when the signature function doesn't do anything - the length l2 will be -1. I suppose the length should be unsigned really). *** original/src/dcl.c Mon Nov 25 15:53:28 1985 --- /usr/src/cmd/c++/src/dcl.c Wed Apr 9 19:58:53 1986 *************** *** 113,118 if (nx && can_coerce(tx,cn->tp)) error("both %n::%n(%n) and %n::operator%t()",cn,cn,nx,tx); char buf[128]; char* bb = tx->signature(buf); int l2 = bb-buf-1; char* p = new char[l2+3]; p[0] = '_'; --- 113,121 ----- if (nx && can_coerce(tx,cn->tp)) error("both %n::%n(%n) and %n::operator%t()",cn,cn,nx,tx); char buf[128]; char* bb = tx->signature(buf); + #ifdef STRLENFIXES + int l2 = bb - buf; + #else !STRLENFIXES int l2 = bb-buf-1; + #endif STRLENFIXES char* p = new char[l2+3]; Jeff +44 203 523485 ..mcvax!warwick!jeff (uucp) jeff%warwick.uucp%daisy.warwick.ac.uk@ucl-cs.arpa (arpa)
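Review bot: the trailing tokens on `#else !STRLENFIXES` and `#endif STRLENFIXES` in the new side of the hunk are not portable; preprocessors that follow the standard rules warn on or reject extra tokens after `#else` and `#endif`, so write them as comments (`#else /* !STRLENFIXES */`, `#endif /* STRLENFIXES */`). Also, since the post itself explains that `int l2 = bb-buf-1;` yields -1 when signature() writes nothing, gating the corrected `int l2 = bb - buf;` behind an otherwise undocumented STRLENFIXES macro leaves the default build with the corruption; either apply the fix unconditionally or say where STRLENFIXES is defined and why a build would want the old behaviour. The length remains signed, as the post notes it should not be, and `char buf[128]` is still handed to signature() without a bound, so the allocation size `l2+3` depends entirely on the callee staying within the buffer.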