From 5d665be8112a50f34fd1a0db62d81d52b2bc54e0 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Sun, 18 Dec 2016 00:20:15 +0900
Subject: Revert "Prevent overflow beyond the end of string in
 form_update_line()"

This reverts commit 9ccaa1dd0dac6f9b35a649ae9901c225421500f6.
---
 form.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

(limited to 'form.c')

diff --git a/form.c b/form.c
index 34dc235..17fdabb 100644
--- a/form.c
+++ b/form.c
@@ -278,10 +278,10 @@ form_update_line(Line *line, char **str, int spos, int epos, int width,
 		 int newline, int password)
 {
     int c_len = 1, c_width = 1, w, i, len, pos;
-    char *p, *buf, *q = *str + strlen(*str);
+    char *p, *buf;
     Lineprop c_type, effect, *prop;
 
-    for (p = *str, w = 0, pos = 0; p < q && w < width;) {
+    for (p = *str, w = 0, pos = 0; *p && w < width;) {
 	c_type = get_mctype((unsigned char *)p);
 #ifdef USE_M17N
 	c_len = get_mclen(p);
@@ -326,7 +326,7 @@ form_update_line(Line *line, char **str, int spos, int epos, int width,
     bcopy((void *)line->propBuf, (void *)prop, spos * sizeof(Lineprop));
 
     effect = CharEffect(line->propBuf[spos]);
-    for (p = *str, w = 0, pos = spos; p < q && w < width;) {
+    for (p = *str, w = 0, pos = spos; *p && w < width;) {
 	c_type = get_mctype((unsigned char *)p);
 #ifdef USE_M17N
 	c_len = get_mclen(p);
@@ -347,7 +347,7 @@ form_update_line(Line *line, char **str, int spos, int epos, int width,
 	    if (w + c_width > width)
 		break;
 #endif
-	    for (i = 0; pos < len && i < c_width; i++) {
+	    for (i = 0; i < c_width; i++) {
 		buf[pos] = '*';
 		prop[pos] = effect | PC_ASCII;
 		pos++;
@@ -373,7 +373,7 @@ form_update_line(Line *line, char **str, int spos, int epos, int width,
 	    pos++;
 #ifdef USE_M17N
 	    c_type = (c_type & ~PC_WCHAR1) | PC_WCHAR2;
-	    for (i = 1; pos < len && p + i < q && i < c_len; i++) {
+	    for (i = 1; i < c_len; i++) {
 		buf[pos] = p[i];
 		prop[pos] = effect | c_type;
 		pos++;
@@ -383,7 +383,7 @@ form_update_line(Line *line, char **str, int spos, int epos, int width,
 	}
 	p += c_len;
     }
-    for (; pos < len && w < width; w++) {
+    for (; w < width; w++) {
 	buf[pos] = ' ';
 	prop[pos] = effect | PC_ASCII;
 	pos++;
@@ -398,8 +398,6 @@ form_update_line(Line *line, char **str, int spos, int epos, int width,
 	if (*p == '\n')
 	    p++;
     }
-    if (p > q)
-	p = q;
     *str = p;
 
     bcopy((void *)&line->lineBuf[epos], (void *)&buf[pos],
-- 
cgit v1.2.3