From 860df1b067051d59e7db02d68522adc5b859c7db Mon Sep 17 00:00:00 2001
From: George Koehler
Date: Thu, 8 Mar 2018 12:04:02 -0500
Subject: [PATCH] Read from new, not old, buffer after realloc.

This got caught by MALLOC_OPTIONS=S in OpenBSD. The B compiler filled the buffer while compiling hilo.b. Then realloc moved the buffer and unmapped the old buffer. The compiler tried to read the old buffer and segfaulted.
---
 modules/src/em_code/insert.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/modules/src/em_code/insert.c b/modules/src/em_code/insert.c
index 36950c3ea..00c628dcb 100644
--- a/modules/src/em_code/insert.c
+++ b/modules/src/em_code/insert.c
@@ -99,20 +99,19 @@ C_out_parts(pp)
 } else {
 /* copy the chunk to output */
-#ifdef INCORE
- register char *s = C_BASE + pp->pp_begin;
- char *se = C_BASE + pp->pp_end;
-
- while (s < se) {
- put(*s++);
- }
-#else
 register long b = pp->pp_begin;
 while (b < pp->pp_end) {
+#ifdef INCORE
+ /* C_BASE is not constant, put() may
+ move C_BASE, so each iteration of
+ this loop must read C_BASE again.
+ */
+ put(C_BASE[b++]);
+#else
 put(getbyte(b++));
- }
 #endif
+ }
 }
 prev = pp;
 pp = pp->pp_next;