Replace a few tabs, remove a few trailing spaces, and shorten a few
long lines.
Readme still needs another fix: if falsely claims to contain all bug
fixes since 3.6.4. I wasn't sure how to reword that so didn't try.
Also, fix a couple of old typos in Install.vms.
Prevent extremely long command line arguments from overflowing local
buffers in raw_printf or config_error_add. The increased buffer
sizes they recently got to deal with long configuration file values
aren't sufficient to handle command line induced overflows.
choose_windows(core): copy and truncate the window_type argument in
case it gets passed to config_error_add().
process_options(unix): report bad values with "%.60s" so that vsprintf
will implicitly truncate when formatted by raw_printf().
Fix 'Bugs 4, 5, and 6' which all use a similar fix but would have
conflicts over '#define BIGBUFSZ' if committed separately.
Format ("short explanation %s", string_argument), where the
explanation always has modest length but the string is potentially
up to 4*BUFSZ in length, into a 5*BUFSZ buffer. Then truncate the
result to at most BUFSZ-1 characters so that it can be safely passed
to interface-specific putstr() or raw_print().
Applies to pline(), raw_printf(), and config_error_add(). Also done
for impossible() although there's no evidence that its buffer could
be overflowed in a controlled manner.
Fix 'Bug 3' where too long SYMBOL=string in run-time config file could
overflow a local buffer and clobber the stack.
Valid value is only one character long after processing an 'escaped'
encoded character which can be at most 6 characters (plus terminator):
backslash M backslash and up three digits. If/when UTF8 gets added
the number of digits will increase. Use a truncated copy of the input
(substantially bigger than 6+1); ignore any excess.
Fix 'Bug 2' where too long MENUCOLOR=string in run-time config file
could overflow a local buffer and clobber the stack.
Theoretically a menu coloring regular expression could require a
bigger buffer but I don't think we need to try to support that.
255 characters minus the amount needed to specify color and/or
attributes should be ample.
have string_for_opt() return the value string or empty_optstr to
provide some level of crash protection if some future added option
processing misbehaves. Callers of string_for_opt() and
string_for_env_opt() should always check for a match to empty_optstr.
