[Rlib-devel] Another crasher bugfix

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I got a crash at line 387 in libsrc/formatstring.c,
it turned out that the allocated buffer is too small
for UTF-8 strings. Patch is attached.

I got another crash in layout.c but I didn't have time to hunt it down ye=
t.
Here's a diagnostics from GCC4 with the bounds checking extension:

layout.c:612:Bounds error: attempt to reference memory overrunning the=20
end of an object.
layout.c:612:  Pointer value: 0x4, Size: 1
layout.c:612:  Object `realloc':
layout.c:612:    Address in memory:    0x0 .. 0x3
layout.c:612:    Size:                 20 bytes
layout.c:612:    Element size:         1 bytes
layout.c:612:    Number of elements:   20
layout.c:612:    Storage class:        heap
** NUTS.. WE CRASHED
Kil=E9p=E9s (core dumped)

Best regards,
Zolt=E1n B=F6sz=F6rm=E9nyi