From nick@zeta.org.au Sat Apr  5 12:30:02 EST 1997
Article: 6965 of news.software.b
Path: news.math.psu.edu!news.cse.psu.edu!uwm.edu!newsfeeds.sol.net!feed1.news.erols.com!news.ecn.uoknor.edu!munnari.OZ.AU!news.mel.connect.com.au!news.syd.connect.com.au!phaedrus.kralizec.net.au!not-for-mail
From: nick@zeta.org.au (Nick Andrew)
Newsgroups: news.software.b
Subject: INN 1.5.1 makehistory bug and fix
Date: 6 Apr 1997 02:03:40 +1000
Organization: Kralizec Dialup Unix Sydney, +61-2-837-1183 V.32bis
Lines: 60
Message-ID: <5i5t4s$bp5@godzilla.zeta.org.au>
NNTP-Posting-Host: godzilla.zeta.org.au
Xref: news.math.psu.edu news.software.b:6965

[ I already submitted this to inn-bugs@isc.org; just posting here in case
anybody else strikes this bug before an official fix  --nick ]

G'day all,

``makehistory'' in 1.5.1 contains a fencepost error. The problem occurs
in the second phase of the history file rebuild when the history file line
which makehistory must write out is the same size as the buffer it keeps
(oops, forgot the trailing \0).

The reason nobody ever noticed it before is that nobody (else) had a
history file which contained a line for an article with a really long
message-ID before any crossposts appeared in the file (crossposts would
cause the buffer to be expanded, thus making it unlikely to strike
the bug).

Anyway, here's the fix:

-----------------------------------------------------------------------------
*** makehistory.c.original      Wed Dec 18 01:40:40 1996
--- makehistory.c       Sun Apr  6 01:25:37 1997
***************
*** 1,6 ****
--- 1,9 ----
  /*  $Revision: 1.21 $
  **
  **  Rebuild the history database.
+ **
+ **  1997-04-06: Fix off-by-one error when expanding buffer to fit history
+ **  lines. <nick@zeta.org.au>
  */
  #include <stdio.h>
  #include <sys/types.h>
***************
*** 850,856 ****
  
            *q = HIS_FIELDSEP;
            i = strlen(line);
!           if (B.Size < i) {
                B.Size = i + 2;
                RENEW(B.Data, char, B.Size);
            }
--- 853,859 ----
  
            *q = HIS_FIELDSEP;
            i = strlen(line);
!           if (B.Size <= i) {
                B.Size = i + 2;
                RENEW(B.Data, char, B.Size);
            }
-----------------------------------------------------------------------------

Nick.
-- 
Kralizec / Zeta Microcomputer Software  Fax: +61-2-9233-6545 Voice: 9837-1397
P.O. Box 177, Riverstone NSW 2765       http://www.kralizec.net.au/
-- 
Kralizec Dialup Internet System         Data: +61-2-9837-1183, 9837-1868
Zeta Microcomputer Software             Fax: +61-2-9837-3753 Voice: 9837-1397
P.O. Box 177, Riverstone NSW 2765       http://www.kralizec.net.au/