From 2600d01373ce04b34f698f3887e90a35c77bda61 Mon Sep 17 00:00:00 2001
From: labath <pavelo@centrum.sk>
Date: Tue, 31 Jan 2017 01:31:09 +0000
Subject: [PATCH] Fix an out-of-range error in new_graph (#356)

The code was multiplying the index with the size of the element, and
then adding it to the typed pointer (resulting in a double
multiplication and an OOB access).

Replace the buggy code with a slightly safer c++ alternative.
---
 src/specials.cc | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/specials.cc b/src/specials.cc
index ee941eb..73bd2a2 100644
--- a/src/specials.cc
+++ b/src/specials.cc
@@ -519,14 +519,12 @@ void new_graph(struct text_object *obj, char *buf, int buf_max_size, double val)
 		DBGP("reallocing graph from %d to %d", s->graph_allocated, s->graph_width);
 		if (!s->graph) {
 			/* initialize */
-			memset(graph, 0, s->graph_width * sizeof(double));
+			std::fill_n(graph, s->graph_width, 0.0);
 			s->scale = 100;
 		} else {
 			if (s->graph_width > s->graph_allocated) {
 				/* initialize the new region */
-				memset(graph + (s->graph_allocated * sizeof(double)), 0,
-						(s->graph_width - s->graph_allocated) *
-						sizeof(double));
+				std::fill(graph + s->graph_allocated, graph + s->graph_width, 0.0);
 			}
 		}
 		s->graph = graph;