From 05e765c881af8045b601609d5c0214debb7fb2aa Mon Sep 17 00:00:00 2001
From: Jason Hood
Date: Tue, 26 Dec 2017 18:43:56 +1000
Subject: [PATCH] Fix buffer overflow

Turns out testing for an empty buffer outside the critical section wasn't a good idea (testing in a virtual 10 started the thread between the test and enter, causing buffer overflow in the small loop).
---
 ANSI.c | 11 ++++++++---
 readme.txt | 3 ++-
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/ANSI.c b/ANSI.c
index 01febcd..00811ad 100644
--- a/ANSI.c
+++ b/ANSI.c
@@ -184,7 +184,8 @@
 combine multiple CRs as one (to ignore all CRs before LF);
 don't process CR or BS during CRM;
 don't flush CR immediately (to catch following LF);
- fix CRM with all partial RM sequences.
+ fix CRM with all partial RM sequences;
+ check for the empty buffer within the critical section.
 */
 #include "ansicon.h"
@@ -639,10 +640,14 @@ void FlushBuffer( void )
 {
 DWORD nWritten;
- if (nCharInBuffer <= 0) return;
-
 EnterCriticalSection( &CritSect );
+ if (nCharInBuffer <= 0)
+ {
+ LeaveCriticalSection( &CritSect );
+ return;
+ }
+
 if (!awm && !im)
 {
 if (pState->crm)
diff --git a/readme.txt b/readme.txt
index 9891e2d..aeb3a97 100644
--- a/readme.txt
+++ b/readme.txt
@@ -336,7 +336,8 @@ Version History
 1.81-wip - 26 December, 2017:
 - fix multiple CRs before LF (including preventing an immediate flush);
- - fix CR, BS and partial RM during CRM.
+ - fix CR, BS and partial RM during CRM;
+ - fix buffer overflow caused by incorrect critical section.
 1.80 - 24 December, 2017:
 - fix unloading;
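Review bot: The early-return branch added right after `EnterCriticalSection( &CritSect )` in FlushBuffer is the only lock release in view, and the rest of the function, including its normal exit, lies outside the hunk, so it is not visible here whether every later return still pairs with `LeaveCriticalSection( &CritSect )`; a single `out:` label that leaves the section would make that pairing checkable. The reason the test moved deserves a comment on the new line, because a later cleanup is likely to hoist the cheap check back above the lock and reintroduce the race: `/* must be tested under CritSect: the buffer can be appended to between an unlocked test and the lock (see 1.81 notes) */`. If nCharInBuffer is an unsigned type the `<= 0` comparison is just `== 0` and is clearer written that way; if it is signed, `<= 0` also silently absorbs a negative count that would indicate a separate bug rather than an empty buffer. FlushBuffer's body continues outside the hunk.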