Subject: _doprnt %c bug  (#69)
Index:	lib/libc/pdp/stdio 2.11BSD

Description:
	There is a serious bug in _doprnt's handling of %c.  Null characters
	are ignored!  This causes a problem in 'telnet's terminal type
	negotiations which need a null byte after the suboption byte.

	The %r command was also removed since it was undocumented and not
	present in 4.3BSD (or later).  A side benefit is the saving of a few 
	bytes of space.

Repeat-By:
	Run the test program below.  If the output is not 3 then the bug
	is present.

	---------------------------cut here------------------------
	char	buf[32];

main()
	{
	sprintf(buf, "%c%c%c%c%s%c%c", 0xff, 0xfa, 0x18, 0x00,
		"VT100", 0xff, 0xf0);
	printf("strlen = %d\n", strlen(buf));
	}
	------------------------cut here-------------------------

Fix:
	Apply the patch below and replace doprnt.o in /lib/libc.a and
	/usr/lib/libc_p.a.  Save the patch below into /tmp/foo and:

		cd /usr/src/lib/libc/pdp/stdio
		patch < /tmp/foo
		make
		ar /lib/libc.a doprnt.o
		cd profiled
		ar /usr/lib/libc.a doprnt.o
		cd ..
		ranlib /lib/libc.a /usr/lib/libc_p.a
		make clean
--------------------------cut here-------------------------------
*** /usr/src/lib/libc/pdp/stdio/doprnt.s.old	Thu Dec 31 16:10:52 1987
--- /usr/src/lib/libc/pdp/stdio/doprnt.s	Tue Aug 25 19:42:46 1992
***************
*** 5,11 ****
   */
  
  #ifdef LIBC_SCCS
! 	<@(#)doprnt.s	5.4 (Berkeley) 1/25/87\0>
  	.even
  #endif LIBC_SCCS
  
--- 5,12 ----
   */
  
  #ifdef LIBC_SCCS
! /*	<@(#)doprnt.s	5.4 (Berkeley) 1/25/87\0> */
! 	<@(#)doprnt.s	5.5 (GTE) 8/25/92\0>
  	.even
  #endif LIBC_SCCS
  
***************
*** 34,40 ****
  	longorunsg;	'l
  	longorunsg;	'L
  	unsigned;	'u
- 	remote;		'r
  	long;		'D
  	loct;		'O
  	lhex;		'X
--- 35,40 ----
***************
*** 244,251 ****
  charac:
  	mov	$' ,zfill(r5)
  	mov	(r4)+,r0
- 	bic	$!377,r0
- 	beq	prbuf
  	movb	r0,(r3)+
  	br	prbuf
  
--- 244,249 ----
***************
*** 282,293 ****
  1:
  	mov	pc,r2
  	jsr	pc,pscien
- 	br	prbuf
- 
- remote:
- 	mov	(r4)+,r4
- 	mov	(r4)+,formp(r5)
- 	jmp	loop
  
  prbuf:
  	mov	sp,r2
--- 280,285 ----
