win32gui buffer overrun (from <Someone>)

splash screen off by one error overwrote one byte outside the
mallocked block

diff --git a/win/win32/mhsplash.c b/win/win32/mhsplash.c
index ecc4661a3a304bce3fa8363f9eefa6d977399390..c417b6fef1b174dc5e458d0cf0b37dcd2fe8fa43 100644 (file)
--- a/win/win32/mhsplash.c
+++ b/win/win32/mhsplash.c
@@ -109,7 +109,7 @@ void mswin_display_splash_window (BOOL show_ver)
                        line[len + 1] = '\0';
                        len++;
                    }
-                   if (strsize + (int)len > bufsize)
+                   if (strsize + (int)len + 1 > bufsize)
                    {
                        bufsize += BUFSZ;
                        buf = realloc(buf, bufsize);
@@ -140,7 +140,7 @@ void mswin_display_splash_window (BOOL show_ver)
                            line[len + 1] = '\0';
                            len++;
                        }
-                       if (strsize + (int)len > bufsize)
+                       if (strsize + (int)len + 1 > bufsize)
                        {
                            bufsize += BUFSZ;
                            buf = realloc(buf, bufsize);