From 12b2608b241743314f177e73d8d73b72580d2948 Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Mon, 24 Apr 2023 09:56:35 +0100
Subject: [PATCH] Fix bounds check in buffer_append.

We're about to append one character to the buffer _and_ put a \0 after it, so we need the buffer to be at least _two_ characters longer than where the current position is. I think this bug would have had a hard time showing up in normal use, but I managed to trigger it by completely messing up a prototype Emscripten preferences implementation, and a good thing too.
---
 midend.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/midend.c b/midend.c
index 4966e32..aeaec90 100644
--- a/midend.c
+++ b/midend.c
@@ -3020,7 +3020,7 @@ struct buffer {
 static void buffer_append(struct buffer *buf, char c)
 {
-    if (buf->len + 1 > buf->size) {
+    if (buf->len + 2 > buf->size) {
         size_t new_size = buf->size + buf->size / 4 + 128;
         assert(new_size > buf->size);
         buf->data = sresize(buf->data, new_size, char);