[gnu.bash.bug] Bug in bash 0.99

jdf@ccvi.ccv.fr (Jean-Daniel Fekete) (07/03/89)

The following code produces a bug in realloc because some text is
copied beyond the allocated area of ``line''.

Fix: check for line length in alias.c and realloc if needed


*** alias.c.~1~	Thu Jun  8 08:51:51 1989
--- alias.c	Mon Jul  3 14:55:18 1989
***************
*** 168,173 ****
--- 168,175 ----
      return (line);
  
    j = strlen (line);
+   if ((j + i - start) >= line_len)
+     line = (char *)xrealloc (line, line_len += (50 + j + i - start));
    strncpy (line + j, string + start, i - start);
    line[j + (i - start)] = '\0';
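
Review bot: the added xrealloc line updates line_len as a side effect inside the argument list (`line_len += (50 + j + i - start)`), which makes the size bookkeeping easy to miss on a path that exists to stop a write past the end of the buffer. Split it into `line_len += 50 + j + (i - start);` followed by `line = (char *)xrealloc (line, line_len);`. The `>=` comparison is the right bound, because the terminator is stored at index `j + (i - start)` and therefore needs line_len to be strictly larger, but that reasoning deserves a one-line comment above the check. The length is also spelled `j + i - start` in the test and `j + (i - start)` in the store; computing the copy length once into a local and using it in the check, the strncpy and the terminator assignment would keep the three in step.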