From 1cd08017d69adc08cb6962ac8e44a36206c77987 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fredrik=20H=C3=BCbinette=20=28Hubbe=29?= <hubbe@hubbe.net>
Date: Wed, 29 Jan 1997 13:43:07 -0800
Subject: [PATCH] fixed a memory bound error when allocating mappings   with
 room for zero elements.

Rev: src/mapping.c:1.11
---
 src/mapping.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/mapping.c b/src/mapping.c
index 4739c11d85..132985b943 100644
--- a/src/mapping.c
+++ b/src/mapping.c
@@ -4,7 +4,7 @@
 ||| See the files COPYING and DISCLAIMER for more information.
 \*/
 #include "global.h"
-RCSID("$Id: mapping.c,v 1.10 1997/01/27 01:21:34 hubbe Exp $");
+RCSID("$Id: mapping.c,v 1.11 1997/01/29 21:43:07 hubbe Exp $");
 #include "main.h"
 #include "types.h"
 #include "object.h"
@@ -77,6 +77,7 @@ static void init_mapping(struct mapping *m, INT32 size)
 #ifdef DEBUG
   if(size < 0) fatal("init_mapping with negative value.\n");
 #endif
+  if(size<3) size=3;
 
   hashsize=size / AVG_LINK_LENGTH + 1;
   if(!(hashsize & 1)) hashsize++;
@@ -88,10 +89,10 @@ static void init_mapping(struct mapping *m, INT32 size)
   m->hashsize=hashsize;
 
   tmp+=sizeof(struct keypair *)*hashspace;
-  m->free_list=(struct keypair *) tmp;
   
   MEMSET((char *)m->hash, 0, sizeof(struct keypair *) * m->hashsize);
 
+  m->free_list=(struct keypair *) tmp;
   for(e=1;e<size;e++)
     m->free_list[e-1].next = m->free_list + e;
   m->free_list[e-1].next=0;
-- 
GitLab