From 4e8eb4f0f838674cc353c6a5ff3e06ff40cd5ea9 Mon Sep 17 00:00:00 2001
From: Larry Wall <lwall@jpl-devvax.jpl.nasa.gov>
Date: Tue, 13 Nov 1990 02:28:59 +0000
Subject: [PATCH] perl 3.0 patch #41 (combined patch)

Here's the requisite dinky patch to fix the problems of the
preceding large set of patches.  In this case, a couple of
malloc/free problems--one of which involved overrunning the end
of an allocated string, and the other of which involved freeing
with invalid pointers.  (There was also a bug in there involving
variable magicalness propagating incorrectly, which resulting in
a dbm anomoly.)

I updated README to mention that dnix needs to avoid -O.

I added the hp malloc union overhead strut that Jan Dr{rv posted.
(Eventually this should be determined by Configure, but laziness
has its advantages.)
---
 README       |  1 +
 malloc.c     |  7 +++++--
 patchlevel.h |  2 +-
 str.c        | 52 ++++++++++++++++++++++++++++++++++------------------
 4 files changed, 41 insertions(+), 21 deletions(-)

diff --git a/README b/README
index 9a3c7e2..5996e1e 100644
--- a/README
+++ b/README
@@ -113,6 +113,7 @@ Installation
     A/UX may need -ZP -DPOSIX, and -g if big cc is used.
     FPS machines may need -J and -DBADSWITCH.
     UTS may need one or more of -DCRIPPLED_CC, -K or -g, and undef LSTAT.
+    Dnix (not dynix) may need to remove -O.
     If you get syntax errors on '(', try -DCRIPPLED_CC or -DBADSWITCH or both.
     Machines with half-implemented dbm routines will need to #undef ODBM & NDBM.
     C's that don't try to restore registers on longjmp() may need -DJMPCLOBBER.
diff --git a/malloc.c b/malloc.c
index 86fdb5c..6ad48b9 100644
--- a/malloc.c
+++ b/malloc.c
@@ -1,6 +1,9 @@
-/* $Header: malloc.c,v 3.0.1.3 90/10/16 15:27:47 lwall Locked $
+/* $Header: malloc.c,v 3.0.1.4 90/11/13 15:23:45 lwall Locked $
  *
  * $Log:	malloc.c,v $
+ * Revision 3.0.1.4  90/11/13  15:23:45  lwall
+ * patch41: added hp malloc union overhead strut (that sounds very blue collar)
+ * 
  * Revision 3.0.1.3  90/10/16  15:27:47  lwall
  * patch29: various portability fixes
  * 
@@ -56,7 +59,7 @@ static findbucket(), morecore();
  */
 union	overhead {
 	union	overhead *ov_next;	/* when free */
-#if defined(mips) || defined(sparc) || defined(luna88k)
+#if defined(mips) || defined(sparc) || defined(luna88k) || defined(hp9000s800)
 	double  strut;			/* alignment problems */
 #endif
 	struct {
diff --git a/patchlevel.h b/patchlevel.h
index 8763a9e..dc3e5ed 100644
--- a/patchlevel.h
+++ b/patchlevel.h
@@ -1 +1 @@
-#define PATCHLEVEL 40
+#define PATCHLEVEL 41
diff --git a/str.c b/str.c
index a3780f1..e392cee 100644
--- a/str.c
+++ b/str.c
@@ -1,4 +1,4 @@
-/* $Header: str.c,v 3.0.1.10 90/11/10 02:06:29 lwall Locked $
+/* $Header: str.c,v 3.0.1.11 90/11/13 15:27:14 lwall Locked $
  *
  *    Copyright (c) 1989, Larry Wall
  *
@@ -6,6 +6,9 @@
  *    as specified in the README file that comes with the perl 3.0 kit.
  *
  * $Log:	str.c,v $
+ * Revision 3.0.1.11  90/11/13  15:27:14  lwall
+ * patch41: fixed a couple of malloc/free problems
+ * 
  * Revision 3.0.1.10  90/11/10  02:06:29  lwall
  * patch38: temp string values are now copied less often
  * patch38: array slurps are now faster and take less memory
@@ -259,28 +262,41 @@ register STR *sstr;
 	/*
 	 * Check to see if we can just swipe the string.  If so, it's a
 	 * possible small lose on short strings, but a big win on long ones.
+	 * It might even be a win on short strings if dstr->str_ptr
+	 * has to be allocated and sstr->str_ptr has to be freed.
 	 */
 
 	if (sstr->str_pok & SP_TEMP) {		/* slated for free anyway? */
-	    if (dstr->str_ptr)
+	    if (dstr->str_ptr) {
+		if (dstr->str_state == SS_INCR)
+		    dstr->str_ptr -= dstr->str_u.str_useful;
 		Safefree(dstr->str_ptr);
-#ifdef STRUCTCOPY
-	    *dstr = *sstr;
-#else
-	    Copy(sstr, dstr, 1, STR);
+	    }
+	    dstr->str_ptr = sstr->str_ptr;
+	    dstr->str_len = sstr->str_len;
+	    dstr->str_cur = sstr->str_cur;
+	    dstr->str_state = sstr->str_state;
+	    dstr->str_pok = sstr->str_pok & ~SP_TEMP;
+#ifdef TAINT
+	    dstr->str_tainted = sstr->str_tainted;
 #endif
-	    Zero(sstr, 1, STR);			/* (probably overkill) */
-	    dstr->str_pok &= ~SP_TEMP;
+	    sstr->str_ptr = Nullch;
+	    sstr->str_len = 0;
+	    sstr->str_pok = 0;			/* wipe out any weird flags */
+	    sstr->str_state = 0;		/* so sstr frees uneventfully */
 	}
-	else {					/* have to copy piecemeal */
+	else					/* have to copy actual string */
 	    str_nset(dstr,sstr->str_ptr,sstr->str_cur);
-	    if (sstr->str_nok) {
-		dstr->str_u.str_nval = sstr->str_u.str_nval;
-		dstr->str_nok = 1;
-		dstr->str_state = SS_NORM;
-	    }
-	    else if (sstr->str_cur == sizeof(STBP)) {
-		char *tmps = sstr->str_ptr;
+	if (dstr->str_nok = sstr->str_nok)
+	    dstr->str_u.str_nval = sstr->str_u.str_nval;
+	else {
+#ifdef STRUCTCOPY
+	    dstr->str_u = sstr->str_u;
+#else
+	    dstr->str_u.str_nval = sstr->str_u.str_nval;
+#endif
+	    if (dstr->str_cur == sizeof(STBP)) {
+		char *tmps = dstr->str_ptr;
 
 		if (*tmps == 'S' && bcmp(tmps,"StB",4) == 0) {
 		    if (!dstr->str_magic) {
@@ -763,8 +779,8 @@ int append;
     str->str_pok = 1;			/* validate pointer */
     if (str->str_len <= cnt + 1) {	/* make sure we have the room */
 	if (cnt > 80 && str->str_len > 0) {
-	    shortbuffered = cnt - str->str_len;
-	    cnt = str->str_len;
+	    shortbuffered = cnt - str->str_len + 1;
+	    cnt = str->str_len - 1;
 	}
 	else {
 	    shortbuffered = 0;
-- 
1.8.3.1