[PATCH] segfault fix while formatting paragraph (alt-p)

[Jindrich Novy <jnovy redhat com>]

Hi,

there's a segfault while formatting a paragraph with alt-p. The
next_word_start() in wordproc.c misses the upper boundary check.
The attached patch fixes it.

References/Reproducer:
http://bugzilla.redhat.com/194562

Jindrich

--- mc/edit/wordproc.c.jn	2005-05-27 05:35:12.000000000 +0200
+++ mc/edit/wordproc.c	2006-06-16 14:19:38.000000000 +0200
@@ -198,10 +198,10 @@
 }
 
 static int
-next_word_start (unsigned char *t, int q)
+next_word_start (unsigned char *t, int q, int size)
 {
     int i;
-    for (i = q;; i++) {
+    for (i = q; i < size; i++) {
 	switch (t[i]) {
 	case '\n':
 	    return -1;
@@ -220,11 +220,11 @@
 
 /* find the start of a word */
 static int
-word_start (unsigned char *t, int q)
+word_start (unsigned char *t, int q, int size)
 {
     int i = q;
     if (t[q] == ' ' || t[q] == '\t')
-	return next_word_start (t, q);
+	return next_word_start (t, q, size);
     for (;;) {
 	int c;
 	if (!i)
@@ -253,9 +253,9 @@
 	    break;
 	if (t[q] == '\n')
 	    break;
-	p = word_start (t, q);
+	p = word_start (t, q, size);
 	if (p == -1)
-	    q = next_word_start (t, q);		/* Return the end of the word if the beginning
+	    q = next_word_start (t, q, size);	/* Return the end of the word if the beginning
 						   of the word is at the beginning of a line
 						   (i.e. a very long word) */
 	else