PATCH FILE FOR DOSCAN.MAC IN DECUS 11-SP-18 KIT

Purpose:-  There are two faults in this program which cause apparently random
memory overwrites.

1) When using scanf and friends to read numbers of any type and an attempt is
made to read numbers beyond the end of the input file (when scanf should
return 0) the program later traps out to 4 or 10 because it has been
overwritten. The reason for this is that in the part of the program to test
for whitespace, characters are truncated to 7 bits. As a result EOF (-1) is
also truncated to 7 bits and is no longer EOF. The backup routine then does
not catch EOF and this can result in a call to the unget function when the
buffer pointer is right at the start of the buffer. Since the buffer has been
allocated by malloc it is malloc's buffer parameters which are overwritten and
the storage allocation mechanism gradually goes haywire.

2) Use of sscanf results in areas of memory being overwritten.  This fault
arises since the code for getting characters into scanf and friends uses a
test for EOF (-1) to check for end of record.  However, for the input strings
fed into sscanf the end of record marker is EOS (0).  This means that the
scanner continues to take in characters until it fortuitously runs into a stop
character.  In the case of strings this may take a long time and result in a
very long string being written to space allocated for a short one.  Once
again it seems that it is malloc's parameters which are often overwritten.

Method:-

1) Do a special check for EOF and avoid truncating it. (edit b1)

2) Test for both EOF and EOS. (edit b2)
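
The two faults and both fixes, traced in a small C model added here (this is not the DOSCAN.MAC code, which is MACRO-11): a constructed character source with a buffer pointer, unget and a `patched` flag that selects the 11-SP-18 behaviour or the b1+b2 behaviour, driven by a constructed record read beyond its end and a constructed sscanf string with stray bytes after its EOS.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model of the scanner's character source (not DOSCAN.MAC):
   a record, a read pointer, and patched = 0 (11-SP-18) or 1 (with b1 and b2). */
typedef struct { const char *data; int len, pos, patched, bad_ungets; } src;
/* Past the end the buffer is "refilled" empty, so pos sits at its start. */
static int src_getc(src *s) {
    if (s->pos >= s->len) { s->pos = s->len = 0; return EOF; }
    return (unsigned char)s->data[s->pos++];
}
static void src_ungetc(src *s) {
    if (s->pos == 0) s->bad_ungets++;   /* would write before the buffer */
    else s->pos--;
}
/* Fault 1: pre-patch EOF is cut to 7 bits too (-1 becomes 0177); b1 returns it untouched. */
static int next_char(src *s) {
    int c = src_getc(s);
    return (s->patched && c == EOF) ? EOF : (c & 0177);
}
/* Fault 2: pre-patch only EOF (-1) ends a record, but sscanf's record ends with EOS (0); b2 accepts both. */
static int at_end(const src *s, int c) { return s->patched ? c <= 0 : c < 0; }
static int is_blank(int c) { return c == ' ' || c == '\t' || c == '\n'; }
/* One %s-style conversion: skip blanks, back up one character, then copy
   until a blank or the end of record. Returns the number of bytes stored. */
static int scan_token(src *s, char *out, int cap) {
    int c, n = 0;
    do c = next_char(s); while (is_blank(c));
    if (c != EOF) src_ungetc(s);        /* the backup routine */
    while (n < cap - 1) {
        c = next_char(s);
        if (at_end(s, c) || is_blank(c)) break;
        out[n++] = (char)c;
    }
    out[n] = 0;
    return n;
}
/* Third read of a two-number record (beyond EOF): ungets that would land outside the buffer. 1 before b1, 0 after. */
static int beyond_eof_bad_ungets(int patched) {
    static const char rec[] = "12 34\n";             /* constructed input */
    src s = { rec, (int)strlen(rec), 0, patched, 0 };
    char tok[8]; for (int i = 0; i < 3; i++) scan_token(&s, tok, sizeof tok);
    return s.bad_ungets;
}
/* sscanf of "42" with stray bytes after its EOS: bytes stored as the token. 7 before b2 (runs on to the next blank), 2 after. */
static int sscanf_token_len(int patched) {
    static const char mem[] = "42\0junk  more";      /* constructed memory image */
    src s = { mem, (int)sizeof mem, 0, patched, 0 };
    char tok[16]; return scan_token(&s, tok, sizeof tok);
}
```

Before the patch the third read also fills `tok` with 0177 bytes, since every EOF it sees has become a non-blank character.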

Patching:-  Patch the DOSCAN.MAC file using SLP.  The commands are

R SLP
DOSCAN.NEW=DOSCAN.OLD,DOSCAN.PAT/A/T

where DOSCAN.OLD is the 11-SP-18 version of DOSCAN.MAC, DOSCAN.NEW is the
result of the patch and DOSCAN.PAT is the differences file which begins with
the line -41,41 below. 

-41,41
;     b1 22-Sep-84 HFR		Truncated EOF means unget bytes outside buffer
;     b2 22-Sep-84 HFR		EOF is EOS for sscanf so need to test for it
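Review bot: both history lines describe the symptom rather than the change made; naming the fix in each ("check for EOF before the 7-bit truncation" for b1, "treat 0 as end of record as well as -1" for b2) would let a reader of the edit history locate the code from the `;b1+`, `;b1-` and `;b2` markers without these patch notes.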
-323
	cmp	#-1,r0		; EOF is special case which should	;b1+
	bne	7$		; not be cut down to 7 bits or the
	return			; procedure backup ungets bytes beyond
7$:				; the buffer.				;b1-
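Review bot: the early `return` hands r0 = -1 straight back to the caller of the whitespace test, so the fix only holds if every caller checks for EOF before using r0 as a character (for a table index or a store); otherwise the untruncated -1 just moves the fault one level up. Also, `cmp #-1,r0` is a full-word compare, so it relies on the character fetch returning EOF as a sign-extended word (a byte value of 0377 would not match and would still be cut to 0177).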
-690,690
;;;	blt	10$		; No (EOF)	(original version)	;b2
	ble	10$		; No EOF or EOS (for sscanf)		;b2
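Review bot: `ble` makes 0 an end-of-record marker for every caller, not only sscanf, so a NUL byte in a file read through scanf/fscanf now ends the record where `blt` would have passed it through as a character; the comment says "(for sscanf)" but the branch cannot tell the sources apart, so either document the new behaviour for file input or have the string source supply EOF at its EOS instead.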
/