The stand-alone Info reader crashed on me today when I did index-search. Debugging that, I found faulty logic in indices.c, which caused us to write outside of a string's bounds when we up-case or down-case a partial match found by index-search. The result was that the following call to 'free' crashed.
Here's the patch to fix this: 2013-03-20 Eli Zaretskii <[email protected]> * info/indices.c (info_next_index_match): Fix computation of 'partial', as setting it to 1 causes crashes because upcasing or downcasing the match writes outside of match[] string bounds. --- indices.c~ 2013-02-23 02:11:25.000000000 +0200 +++ indices.c 2013-03-20 19:39:51.850527800 +0200 @@ -417,14 +417,13 @@ matches. */ for (i = index_offset + dir; (i > -1) && (index_index[i]); i += dir) if (!index_entry_matches (index_index[i], index_search, search_len) && - string_in_line (index_search, index_index[i]->label) != -1) - { - partial = 1; - break; - } + (partial = + string_in_line (index_search, index_index[i]->label)) != -1) + break; } - index_partial = partial; - + if (partial <= 0) + index_partial = 0; + /* If that failed, print an error. */ if ((i < 0) || (!index_index[i])) { @@ -459,7 +458,7 @@ string matched. */ match = xstrdup (index_index[i]->label); - if (partial && show_index_match) + if (partial > 0 && show_index_match) { int k, ls, start, upper;
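Review bot: in the first hunk (@@ -417), index_partial is now written only when partial <= 0, whereas the removed code assigned it unconditionally with "index_partial = partial;". When the loop finds a partial match (partial > 0), the visible lines leave index_partial at whatever value it held before this call. If that is intended, a comment saying where it gets set would help; otherwise assign it on both paths, for example "index_partial = partial > 0;". The same hunk also lets a return value of 0 from string_in_line end the loop (it is != -1) and then treats it as no partial match, so it is worth stating in a comment what offset string_in_line returns and whether 0 can occur for a real match. Finally, the assignment to partial sits inside the && condition, so it is skipped whenever the index_entry_matches test short-circuits; resetting partial explicitly before the loop would make the "partial <= 0" test independent of earlier iterations.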
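Review bot: in the second hunk (@@ -459), the test "partial > 0 && show_index_match" relies on partial having changed from a 0/1 flag into the value returned by string_in_line, and nothing in the visible lines documents that change. A short comment at this test, or at the declaration of partial, should say what the value denotes relative to match (the block below declares "start" and "ls", which presumably derive from it). Since the ChangeLog entry attributes the crash to writes outside of match[] bounds, it would also be worth making the invariant explicit before the up-casing or down-casing runs, for example by checking that the offset does not exceed strlen (match), so a future change to string_in_line's return convention fails visibly instead of corrupting the heap again.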
