On Tue, 09 Mar 2021 22:04:42 +0100, Christian Weisgerber wrote: > Thanks a lot for figuring this out! I finally got around to looking > at your patch. Once we have nul-terminated lines, appdstr() can > be replaced with realloc() and strlcat().
I don't think your use of qlen is safe since it is initialized to zero. Specifically, it looks like "qp->q_text[qlen - 1]" would be an out of bounds read. Should qlen be initialized to strlen(qp->q_text) if qp->q_text != NULL? - todd
