- // Make sure we have an extra zero block just past the value,
- // but don't increase the logical length. A shifted subtraction
- // (for example, subtracting 1 << 2 from 4) might stick into
- // this block.
- allocateAndCopy(len + 1);
- blk[len] = 0;
+ /*
+ * Make sure we have an extra zero block just past the value.
+ * A shifted subtraction (for example, subtracting 1 << 2 from 4)
+ * might stick into this block.
+ *
+ * In earlier versions, `len' was not increased. But then Milan Tomic
+ * found out-of-bounds memory accesses. In investigating the problem,
+ * I got tons of warnings in this routine, which I should have expected.
+ * I decided to make the extra block logically part of the number so it
+ * would not cause confusion in the future.
+ */
+ Index origLen = len; // original length
+ len++; // increased to avoid memory management worries
+ allocateAndCopy(len);
+ blk[origLen] = 0;