From e56ffad8be242a71e316c5f85ec0c0093d5b7108 Mon Sep 17 00:00:00 2001
From: Markus Armbruster <armbru@pond.sub.org>
Date: Sat, 18 Dec 2004 08:53:23 +0000
Subject: [PATCH] (termio): Fix crash bug: when input line starts with '?', `s'
 was used uninitialized.

(buf, exec, termio): Make buf[] and exec[] local to termio().
---
 src/client/tags.c   |  6 ------
 src/client/tags.h   |  2 --
 src/client/termio.c | 15 ++++++++-------
 3 files changed, 8 insertions(+), 15 deletions(-)

diff --git a/src/client/tags.c b/src/client/tags.c
index 0903fe22..3531ca9e 100644
--- a/src/client/tags.c
+++ b/src/client/tags.c
@@ -43,17 +43,11 @@
 #endif
 
 struct tagstruct *taglist;
-s_char buf[4096];
-s_char exec[8];
-static unsigned short tagnum;
 
 void
 io_init(void)
 {
     taglist = NULL;
-    buf[0] = 0;
-    tagnum = 0;
-    sprintf(exec, "execute");
 }
 
 s_char *
diff --git a/src/client/tags.h b/src/client/tags.h
index a50c9772..b437c9f0 100644
--- a/src/client/tags.h
+++ b/src/client/tags.h
@@ -40,8 +40,6 @@ struct tagstruct {
 };
 
 extern struct tagstruct *taglist;
-extern s_char buf[4096];
-extern s_char exec[8];
 
 void io_init(void);
 s_char *gettag(s_char *p);
diff --git a/src/client/termio.c b/src/client/termio.c
index 376c4a93..31b6c694 100644
--- a/src/client/termio.c
+++ b/src/client/termio.c
@@ -47,12 +47,14 @@
 int
 termio(int fd, int sock, FILE *auxfi)
 {
+    static char exec[] = "execute";
+    static char buf[4096];
     s_char out[4096];
     int i, n;
     s_char *ptr;
     s_char *p, *q, *r, *s, *t;
     int nbytes;
-    int numarg, prespace, exec_com, inarg, quoted, tagging;
+    int prespace, exec_com, inarg, quoted, tagging;
     struct tagstruct *tag;
 #ifdef _WIN32
     char c;
@@ -123,11 +125,11 @@ termio(int fd, int sock, FILE *auxfi)
     p = buf;
     q = out;
     r = out;
-    numarg = 0;
     tagging = 0;
     inarg = 0;
     prespace = 1;
     quoted = 0;
+    exec_com = 0;
     while (p < buf + n && q < out + 4000) {
 	if (*p == '\n') {
 	    if (tagging) {
@@ -141,11 +143,11 @@ termio(int fd, int sock, FILE *auxfi)
 		*t = 0;
 	    }
 	    *q++ = *p++;
-	    numarg = 0;
 	    tagging = 0;
 	    inarg = 0;
 	    prespace = 1;
 	    quoted = 0;
+	    exec_com = 0;
 	    ptr = p;
 	    r = q;
 	} else if (tagging) {
@@ -153,7 +155,7 @@ termio(int fd, int sock, FILE *auxfi)
 	} else if (!quoted && isspace(*p)) {
 	    *q++ = *p++;
 	    prespace = 1;
-	    if (numarg == 1 && exec_com && s > exec + 2) {
+	    if (exec_com && s > exec + 2) {
 		tagging = 1;
 		s = p;
 	    }
@@ -175,10 +177,9 @@ termio(int fd, int sock, FILE *auxfi)
 		if (!inarg && *p != '?') {
 		    s = exec;
 		    exec_com = 1;
-		    numarg++;
+		    inarg = 1;
 		}
-		inarg = 1;
-		if (*s && *s++ != *p)
+		if (exec_com && *s && *s++ != *p)
 		    exec_com = 0;
 	    }
 	    *q++ = *p++;