From a9802509184341e731de5c9af363184a9964a8a7 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 4 Jan 2011 16:02:48 +0000
Subject: [PATCH] fish: Fix off-by-one bug in tilde expansion.

Although this doesn't seem to cause a crash, valgrind confirms
that this is a genuine off-by-one bug.  It could potentially
cause a crash if you did:

  echo 'echo ~root/foo' | guestfish
---
 fish/tilde.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fish/tilde.c b/fish/tilde.c
index 83aa70d..806297c 100644
--- a/fish/tilde.c
+++ b/fish/tilde.c
@@ -58,7 +58,7 @@ try_tilde_expansion (char *str)
     home = find_home_for_username (&str[1], len);
 
     if (home) {
-      len = strlen (home) + strlen (rest);
+      len = strlen (home) + strlen (rest) + 1;
       str = malloc (len);
       if (str == NULL) {
         perror ("malloc");
-- 
1.8.3.1