From 9fb3aad7e886601e32aa922cf5be69c98c504662 Mon Sep 17 00:00:00 2001
From: Mamoru TASAKA <mtasaka@fedoraproject.org>
Date: Tue, 2 Sep 2014 13:54:10 +0900
Subject: [PATCH 1006/1006] braid/init_braid: limit braid->braidlength
 correctly

gcc49 sanitizer detected errors like below:
../../hacks/braid.c:225:20: runtime error: index 50 out of bounds for type 'int [50]'
../../hacks/braid.c:227:27: runtime error: index 50 out of bounds for type 'int [50]'
../../hacks/braid.c:118:12: runtime error: index 50 out of bounds for type 'int [50]'
../../hacks/braid.c:120:17: runtime error: index 50 out of bounds for type 'int [50]'

In init_braid(), currently at line 203 braid->braidlength can have the value
MAXLENGTH at most, and at line 232 braid->braidlength may be incremented
by 1, so braid->braidlength can be MAXLENGTH + 1. So the "braid->braidword[i]"
accesses appearing in braid.c can do a one-byte-ahead access.
---
 hacks/braid.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hacks/braid.c b/hacks/braid.c
index c73b89d..d134e63 100644
--- a/hacks/braid.c
+++ b/hacks/braid.c
@@ -200,7 +200,7 @@ init_braid(ModeInfo * mi)
 		braid->nstrands = INTRAND(MINSTRANDS,
 				       MAX(MIN(MIN(MAXSTRANDS, MI_COUNT(mi)),
 					       (int) ((braid->max_radius - braid->min_radius) / 5.0)), MINSTRANDS));
-	braid->braidlength = INTRAND(MINLENGTH, MIN(MAXLENGTH, braid->nstrands * 6));
+	braid->braidlength = INTRAND(MINLENGTH, MIN(MAXLENGTH -1, braid->nstrands * 6));
 
 	for (i = 0; i < braid->braidlength; i++) {
 		braid->braidword[i] =
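Review bot: The lowered cap on the changed line only removes the out-of-bounds index because the later `braid->braidlength++` (line 232 per the commit message) is the one place the length grows after it is drawn; that site is outside this hunk, so a reader of the changed line cannot see why the bound is `MAXLENGTH - 1` rather than `MAXLENGTH`. Either guard the increment itself, e.g. `if (braid->braidlength < MAXLENGTH) braid->braidlength++;`, or add a one-line comment above the changed line stating that the length is bumped by one later and must leave room in `braidword[MAXLENGTH]`. Minor style: write `MAXLENGTH - 1` with spaces on both sides of the operator, matching the surrounding code.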
-- 
1.9.3
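The commit message reasons about the bound by hand: the draw can return MAXLENGTH, the later increment makes it MAXLENGTH + 1, and the fill loop then touches braidword[MAXLENGTH]. The block below is an added example, not code from xscreensaver's braid.c, that checks the same invariant exhaustively instead of relying on one random draw: it enumerates every value INTRAND(MINLENGTH, MIN(cap, nstrands * 6)) could produce, applies the increment, and reports the largest index the fill loop would write. MAXLENGTH is 50 to match the `int [50]` in the sanitizer report; MINLENGTH, the strand counts and the MIN macro are assumptions chosen only to exercise the arithmetic.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed values, not taken from the project: MAXLENGTH matches the
 * "int [50]" in the sanitizer output, MINLENGTH is a placeholder. */
#define MAXLENGTH 50
#define MINLENGTH 8
#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Model of the sizing logic in init_braid(): braidlength is drawn from
 * [MINLENGTH, MIN(cap, nstrands * 6)] and may later be incremented by one.
 * Rather than calling a random INTRAND, walk every value the draw could
 * yield and return the largest braidword[] index the fill loop
 *   for (i = 0; i < braidlength; i++) braidword[i] = ...;
 * would touch, i.e. braidlength - 1 for the worst draw. */
static int max_index_touched(int cap, int nstrands, bool incremented)
{
    int upper = MIN(cap, nstrands * 6);
    int worst = -1;
    for (int drawn = MINLENGTH; drawn <= upper; drawn++) {
        int braidlength = drawn + (incremented ? 1 : 0);
        if (braidlength - 1 > worst)
            worst = braidlength - 1;
    }
    return worst;
}

/* True when no reachable index leaves int braidword[MAXLENGTH]. */
static bool sizing_is_safe(int cap, int nstrands)
{
    return max_index_touched(cap, nstrands, true) < MAXLENGTH;
}

int main(void)
{
    /* Enough strands for nstrands * 6 to exceed the cap, so the cap decides. */
    int nstrands = 10;
    printf("cap = MAXLENGTH:     max index %d, safe = %d\n",
           max_index_touched(MAXLENGTH, nstrands, true),
           sizing_is_safe(MAXLENGTH, nstrands));
    printf("cap = MAXLENGTH - 1: max index %d, safe = %d\n",
           max_index_touched(MAXLENGTH - 1, nstrands, true),
           sizing_is_safe(MAXLENGTH - 1, nstrands));
    /* With few strands the nstrands * 6 term is the effective bound and the
     * overflow is unreachable either way, which is why the bug only shows
     * for larger strand counts. */
    printf("cap = MAXLENGTH, 3 strands: max index %d, safe = %d\n",
           max_index_touched(MAXLENGTH, 3, true),
           sizing_is_safe(MAXLENGTH, 3));
    return 0;
}
```

The check makes the failure condition explicit: the overflow needs both the old cap and a strand count of at least 9 (so that nstrands * 6 reaches MAXLENGTH), which is why the sanitizer report depended on the run's random parameters rather than appearing every time.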