metafy() (was Re: $watch, log and Cyrillic usernames)

[Oliver Kiddle <opk@xxxxxxx>]

I wrote:
> However, in looking closer at the code I observed the existing use of
> sizeof(u->ut_name) which is 32 on my system. So I tried creating 32 and
> 33 character usernames (which, incidentally, useradd was happy with) and

It occurred to be to double check what metafy() does about null
termination with META_USEHEAP. The comment by META_USEHEAP is "get
memory from the heap. This leaves buf unchanged". The main way it
differs from META_HEAPDUP is that if no characters that need metafying
are found, it will return back the original passed buf. However, it does
add a terminating null at the len + 1 position so while the buf pointer is
unchanged, what it points to does get changed.

There aren't especially many calls to metafy with META_USEHEAP and in
most cases, the call uses the result of getkeystring(). I
noticed one case where we do need to add 1 byte to an allocation to
accomodate this null.

I'm not sure what the best approach is for the watch module. Subtracting 1
from n in each call to strnlen() avoids writing a null past the end of
the buffer but is not ideal for 32 character usernames. Using
META_HEAPDUP instead means a lot of heap allocations in the normal case
where there are only short ASCII-only usernames. Any ideas?

Oliver

diff --git a/Src/subst.c b/Src/subst.c
index cdbfc138a..60d850feb 100644
--- a/Src/subst.c
+++ b/Src/subst.c
@@ -1506,7 +1506,7 @@ substevalchar(char *ptr)
     }
 #ifdef MULTIBYTE_SUPPORT
     else if (isset(MULTIBYTE) && ires > 127) {
-	ptr = zhalloc(MB_CUR_MAX);
+	ptr = zhalloc(MB_CUR_MAX+1);
 	len = ucs4tomb((unsigned int)ires & 0xffffffff, ptr);
     }
     if (len <= 0)