Merge branch 'master' of ssh://git.sv.gnu.org/srv/git/gawk

2 files changed, 7 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index d193680a..b1b29432 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,12 @@
 	(pprint): Be smarter for print[f] with redirection that was
 	parenthesized, to not print `printf(("hello\n")) > "..."'.
 
+2020-01-14         Andrew J. Schorr      <aschorr@telemetry-investments.com>
+
+	* cint_array.c (cint_array_init): Fix off-by-one error in array 
+	bounds overflow check for an NHAT value set in the environment.
+	Thanks to Michael Builov <mbuilov@gmail.com> for the report.
+
 2020-01-08         Arnold D. Robbins     <arnold@skeeve.com>
 
 	Fix a number of subtle memory leaks. Thanks to the
diff --git a/cint_array.c b/cint_array.c
index 417f27d5..d7171ac8 100644
--- a/cint_array.c
+++ b/cint_array.c
@@ -175,7 +175,7 @@ cint_array_init(NODE *symbol ATTRIBUTE_UNUSED, NODE *subs ATTRIBUTE_UNUSED)
 		if ((newval = getenv_long("NHAT")) > 1 && newval < INT32_BIT)
 			NHAT = newval;
 		/* don't allow overflow off the end of the table */
-		if (NHAT >= nelems)
+		if (NHAT > nelems - 2)
 			NHAT = nelems - 2;
 		THRESHOLD = power_two_table[NHAT + 1];
 	} else