# HG changeset patch # User reimar # Date 1352548177 0 # Node ID 38a5d56c389c69dcf784f064b8e0ecad38c62b7f # Parent fbd8efe9e5a81b0c292f54800d428eb09d93a4fb Fix allocation that could in theory be too small for the terminating NULL. It should only have been possible to actually trigger when chapter name and start string were both empty. diff -r fbd8efe9e5a8 -r 38a5d56c389c libmenu/menu_chapsel.c --- a/libmenu/menu_chapsel.c Sat Nov 10 10:56:36 2012 +0000 +++ b/libmenu/menu_chapsel.c Sat Nov 10 11:49:37 2012 +0000 @@ -76,7 +76,7 @@ int l = strlen(fmt); int cl = strlen(chapter_name); int sl = strlen(start); - char *str = malloc(l + cl + sl); + char *str = malloc(l + cl + sl + 1); char *p; strcpy(str, fmt); p = strstr(str, ctag);
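Review bot: the pointer returned by `malloc(l + cl + sl + 1)` is still passed straight to `strcpy(str, fmt)` with no NULL check, so an allocation failure turns into a write through a null pointer. Add a check right after the allocation and bail out before the `strcpy`. In the same context lines, `l`, `cl` and `sl` store `strlen()` results in `int` and the size is summed in `int` before being converted for `malloc`. Declaring them as `size_t` would remove the narrowing and the signed arithmetic. A one-line comment stating why `l + cl + sl + 1` is a sufficient upper bound for the expanded string would also help, since the commit message indicates the old size only fell short when both `chapter_name` and `start` were empty, and that reasoning is not visible from the code shown here.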