From: Marcus Meissner <marcus@jet.franken.de>
Subject: [PATCH] regedit: Need 3 bytes of room at end of buffer for \r\n\0 to avoid endless loop.
Message-Id: <1434037569-31960-1-git-send-email-marcus@jet.franken.de>
Date: Thu, 11 Jun 2015 17:46:09 +0200

From: Jiaxing Wang <hello.wjx@gmail.com>

Marcus: reviewed, yes, there is >= +2 check later on.
---
 programs/regedit/regproc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/programs/regedit/regproc.c b/programs/regedit/regproc.c
index 643b559..2d766de 100644
--- a/programs/regedit/regproc.c
+++ b/programs/regedit/regproc.c
@@ -641,7 +641,7 @@ static void processRegLinesA(FILE *in, char* first_chars)
             /* Do we need to expand the buffer ? */
             assert (s >= line && s <= line + lineSize);
             size_remaining = lineSize - (s-line);
-            if (size_remaining < 2) /* room for 1 character and the \0 */
+            if (size_remaining < 3) /* need at least 3 bytes of room for \r\n\0 */
             {
                 char *new_buffer;
                 size_t new_size = lineSize + REG_VAL_BUF_SIZE;

-- 
1.8.4.5