morgan@UCI-750A.ARPA (08/28/84)
From: Tim Morgan <morgan@UCI-750A.ARPA> Description: In more, the routine initterm() is called to initialize the terminal capabilities which are used subsequently. It uses a buffer called "clearbuf" of 100 bytes to store the capability strings into, using the termcap(3) routines (eg, tgetstr(3)). But since clearbuf is local to initterm(), when that routine exits, clearbuf and the pointers to the capability strings stored within it can be overwritten by other routines. Normally more works because just before clearbuf is another array called "buf" which is 1024 bytes long. Thus clearbuf is high enough (or low enough, depending on how you look at it) on the stack that it avoids being trashed. Repeat-By: Modify more so that some routine uses (writes on) more than 1024 bytes of space on the stack. More will no longer correctly do things like clear the screen or change to or from inverse video. Fix: Change the declaration of "clearbuf" in initterm() from char clearbuf[100]; to static char clearbuf[100];