From 07618dcb5a69971dde69b56cfda977d92de48525 Mon Sep 17 00:00:00 2001
From: "phil@softsynth.com"
 <phil@softsynth.com@b0a0988d-7f52-0410-8c73-4f6cdee1a2cf>
Date: Wed, 18 Feb 2009 17:59:02 +0000
Subject: [PATCH] Fix cell increment error in RESIZE

---
 csrc/pf_core.c  |  1 -
 csrc/pf_inner.c | 20 ++++++++++++--------
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/csrc/pf_core.c b/csrc/pf_core.c
index 0329749..ceab2be 100644
--- a/csrc/pf_core.c
+++ b/csrc/pf_core.c
@@ -444,7 +444,6 @@ int32 pfDoForth( const char *DicName, const char *SourceName, int32 IfInit )
 
 	pfInit();
 	
-	
 /* Allocate Task structure. */
 	pfDebugMessage("pfDoForth: call pfCreateTask()\n");
 	cftd = pfCreateTask( DEFAULT_USER_DEPTH, DEFAULT_RETURN_DEPTH );
diff --git a/csrc/pf_inner.c b/csrc/pf_inner.c
index 7b2da55..15f764f 100644
--- a/csrc/pf_inner.c
+++ b/csrc/pf_inner.c
@@ -1397,12 +1397,13 @@ DBUG(("XX ah,m,l = 0x%8x,%8x,%8x - qh,l = 0x%8x,%8x\n", ah,am,al, qh,ql ));
 /* Resize memory allocated by ALLOCATE. */
 		case ID_RESIZE:  /* ( addr1 u -- addr2 result ) */
 			{
-				cell *FreePtr;
-				
-				FreePtr = (cell *) ( M_POP - sizeof(cell) );
+				cell *Addr1 = (cell *) M_POP;
+				// Point to validator below users address.
+				cell *FreePtr = Addr1 - 1;
 				if( ((uint32)*FreePtr) != ((uint32)FreePtr ^ PF_MEMORY_VALIDATOR))
 				{
-					M_PUSH( 0 );
+					// 090218 - Fixed bug, was returning zero.
+					M_PUSH( Addr1 );
 					TOS = -3;
 				}
 				else
@@ -1414,15 +1415,18 @@ DBUG(("XX ah,m,l = 0x%8x,%8x,%8x - qh,l = 0x%8x,%8x\n", ah,am,al, qh,ql ));
 						/* Copy memory including validation. */
 						pfCopyMemory( (char *) CellPtr, (char *) FreePtr, TOS + sizeof(cell) );
 						*CellPtr = (cell)(((uint32)CellPtr) ^ (uint32)PF_MEMORY_VALIDATOR);
-						CellPtr++;
-			            M_PUSH( (cell) ++CellPtr );
-						TOS = 0;
+						// 090218 - Fixed bug that was incrementing the address twice. Thanks Reinhold Straub.
+						// Increment past validator to user address.
+			            M_PUSH( (cell) (CellPtr + 1) );
+						TOS = 0; // Result code.
+						// Mark old cell as dead so we can't free it twice.
 						FreePtr[0] = 0xDeadBeef;
 						pfFreeMem((char *) FreePtr);
 					}
 					else
 					{
-						M_PUSH( 0 );
+						// 090218 - Fixed bug, was returning zero.
+						M_PUSH( Addr1 );
 						TOS = -4;  /* FIXME Fix error code. */
 					}
 				}
-- 
2.20.1