Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!think!harvard!seismo!mcvax!ukc!warwick!jeff From: jeff@warwick.UUCP (Jeff Smith) Newsgroups: net.lang.c++ Subject: fix to second heap storage corruption bug in C++ release 1 Message-ID: <254@ubu.warwick.UUCP> Date: Thu, 10-Apr-86 10:37:49 EST Article-I.D.: ubu.254 Posted: Thu Apr 10 10:37:49 1986 Date-Received: Sat, 12-Apr-86 22:23:47 EST Distribution: net Organization: Computer Science, Warwick University, UK Lines: 31 The following fix to dcl2.c corrects an off-by-one error (consider the case when the signature function doesn't do anything - the length l2 will be -1. I suppose the length should be unsigned really). *** original/src/dcl2.c Mon Nov 25 15:53:31 1985 --- /usr/src/cmd/c++/src/dcl2.c Wed Apr 9 19:59:35 1986 *************** *** 100,105 char buf[128]; char* bb = n->tp->signature(buf); int l1 = strlen(s); int l2 = bb-buf-1; char* p = new char[l1+l2+1]; strcpy(p,s); --- 100,108 ----- char buf[128]; char* bb = n->tp->signature(buf); int l1 = strlen(s); + #ifdef STRLENFIXES + int l2 = bb - buf; + #else !STRLENFIXES int l2 = bb-buf-1; + #endif STRLENFIXES char* p = new char[l1+l2+1]; Jeff +44 203 523485 ..mcvax!warwick!jeff (uucp) jeff%warwick.uucp%daisy.warwick.ac.uk@ucl-cs.arpa (arpa)
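Review bot: The corrected line `int l2 = bb - buf;` only takes effect when STRLENFIXES is defined, so a build without that macro still compiles the old `int l2 = bb-buf-1;` from the `#else` branch. With the old line, a signature() that writes nothing leaves bb equal to buf and l2 equal to -1, so `new char[l1+l2+1]` allocates l1 bytes while the `strcpy(p,s)` shown in the original context copies l1+1 bytes including the terminator, a one-byte heap overrun. I would make the corrected line unconditional, or at least state in the source where STRLENFIXES has to be defined. The `#else !STRLENFIXES` and `#endif STRLENFIXES` lines also carry bare tokens after the directive; wrapping them in comments, as in `#else /* !STRLENFIXES */`, avoids depending on the preprocessor ignoring trailing text. Finally, nothing in the visible lines bounds what signature() writes into the 128-byte buf, so the callee is worth checking in the same pass.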