Short: terminal_colour() exceeds buffer limits
Date: Mon, 11 Oct 1999 13:03:24 +0200
From: Christian Mudra <c_mudra@informatik.uni-kl.de>
To: lars@bearnip.com
Type: Bug
State: Done - corrected in 3.2.8-dev.151

> I would need to know what exactly is in m, width and indent.

str = "The smell of horses is very strong in here. You see many closed boxes from which you hear the neigh and stomping of several horses. If you want to rent a horse, call for the groom. A sign is nailed to the door of one of the boxes. There is one obvious exit: north. "
// after "closed" in the first line there is a \n

m = ([
  // with the corresponding colour codes in the strings,
  // the debug output was very colourful for me :-)
  // I copied the colour codes in here, with
  // ESC defined as "\e".
  "BG_CYAN": ESC"[46m",
  "BOLD": ESC"[1m",
  "CHANNEL": ESC"[34m",
  "BG_BLUE": ESC"[44m",
  "YELLOW": ESC"[33m",
  "BG_GREEN": ESC"[42m",
  "NORMAL": ESC"[0m",
  "INVERSE": ESC"[7m",
  "MAGENTA": ESC"[45m",
  "BG_BLACK": ESC"[40m",
  "BG_RED": ESC"[41m",
  "BG_YELLOW": ESC"[43m",
  "BG_WHITE": ESC"[47m",
  "BLINK": ESC"[5m",
  "RED": ESC"[31m",
  "BLACK": ESC"[30m",
  "UNDERSCORE": ESC"[4m",
  "BG_MAGENTA": ESC"[35m",
  "GREEN": ESC"[32m",
  "BLUE": ESC"[34m",
  "CYAN": ESC"[36m",
  "WHITE": ESC"[37m",
  "TELL": "",
])

width = 78
indent = 10

With that, a terminal_colour(str,m,width-indent), and you get

Partial string too long (> 268).
program: kernel/simul/string.c, object: kernel/simul_efun line 105

------ Analysis ------
The crucial fact is that the string to format contains extraneous spaces.
These spaces are not counted for the result, but are still present when
the string is formatted. And because the temporary string is allocated
to just the length of the result, we get an overflow.

------ Solution ------
Count the number of characters to omit from the incoming string and add
this count to the size of the allocated temporary string.
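
The sizing rule from the Solution, as an added example that is not the driver's code: a simplified word wrapper that turns the first space at a line break into '\n' and drops the rest of the run. The names wrap_pass, wrap, size_buggy, size_fixed and SAMPLE are hypothetical, the input is constructed, and colour keys and embedded newlines are not modelled; wrap() rejects a temporary sized to the result alone, where an unchecked copy would overflow.

```c
#include <stdlib.h>
#include <string.h>

const char SAMPLE[] = "aaa   bbb  ccc";   /* constructed input, extra spaces */

/* Simplified model, not the driver's code. Greedy wrap at `width` columns:
 * at a break the first space of the run becomes '\n', the rest is dropped.
 * Writes to out if non-NULL (out may alias s: writes never pass the read
 * index). Returns the result length; *omitted = number of dropped spaces. */
static size_t wrap_pass(const char *s, size_t width, char *out, size_t *omitted)
{
    size_t i = 0, o = 0, col = 0, pending = 0;   /* pending: spaces before word */
    *omitted = 0;
    while (s[i]) {
        size_t w = strcspn(s + i, " ");               /* length of next word */
        if (col > 0 && col + pending + w > width) {   /* break before word */
            if (out) out[o] = '\n';
            o++; col = 0;
            *omitted += pending - 1;                  /* pending >= 1 here */
        } else {                                      /* spaces stay in result */
            if (out) memset(out + o, ' ', pending);
            o += pending; col += pending;
        }
        if (out) memmove(out + o, s + i, w);
        o += w; col += w; i += w;
        pending = strspn(s + i, " ");
        i += pending;
    }
    if (out) { memset(out + o, ' ', pending); out[o + pending] = '\0'; }
    return o + pending;
}

/* Buggy sizing: result length only. Fixed sizing: result plus omitted count. */
size_t size_buggy(const char *s, size_t width)
{ size_t om; return wrap_pass(s, width, NULL, &om) + 1; }
size_t size_fixed(const char *s, size_t width)
{ size_t om, r = wrap_pass(s, width, NULL, &om); return r + om + 1; }

/* The input is staged in the temporary with all its spaces, so it needs
 * strlen(s) + 1 bytes; returns NULL where an unchecked copy would overflow. */
char *wrap(const char *s, size_t width, size_t tmp_size)
{
    size_t n = strlen(s), omitted;
    char *tmp = tmp_size < n + 1 ? NULL : malloc(tmp_size);
    if (!tmp) return NULL;
    memcpy(tmp, s, n + 1);
    wrap_pass(tmp, width, tmp, &omitted);   /* compact in place */
    return tmp;
}
```

With single spaces between words nothing is omitted and both sizes agree, which is why the undersized buffer only shows up on input with extraneous spaces.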