On Fri, Nov 04, 2011 at 11:10:01AM +0100, Markus Armbruster wrote:
> readline_hist_add() moves the history entry to the end of history. It
> uses memmove() to move rs->history[idx + 1..] to rs->history[idx..].
> However, its size argument is off by two array elements, so it writes
> one element be
readline_hist_add() moves the history entry to the end of history. It
uses memmove() to move rs->history[idx + 1..] to rs->history[idx..].
However, its size argument is off by two array elements, so it writes
one element beyond rs->history[], and reads two.
On my system, this clobbers rs->hist_en
