From 2c7f73f9c425d90e8da078650b841449f2f905a0 Mon Sep 17 00:00:00 2001
From: nicm
Date: Fri, 6 Mar 2026 08:09:58 +0000
Subject: [PATCH] Do not use recallocarray because the stored size may have changed during reflow so may not match what it expects, fixes crash reported by Caspar Schutijser.
---
 grid.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/grid.c b/grid.c
index df5951f6..d4955f96 100644
--- a/grid.c
+++ b/grid.c
@@ -495,7 +495,7 @@ static void
 grid_expand_line(struct grid *gd, u_int py, u_int sx, u_int bg)
 {
 struct grid_line *gl;
- u_int xx, old_cellsize;
+ u_int xx;
 
 gl = &gd->linedata[py];
 if (sx <= gl->cellsize)
@@ -508,10 +508,13 @@ grid_expand_line(struct grid *gd, u_int py, u_int sx, u_int bg)
 else if (gd->sx > sx)
 sx = gd->sx;
 
- old_cellsize = gl->cellsize;
- gl->celldata = xrecallocarray(gl->celldata, old_cellsize, sx,
+ gl->celldata = xreallocarray(gl->celldata, sx,
 sizeof *gl->celldata);
- for (xx = old_cellsize; xx < sx; xx++)
+ if (gl->cellsize < sx) {
+ memset(gl->celldata + gl->cellsize, 0,
+ (sx - gl->cellsize) * sizeof *gl->celldata);
+ }
+ for (xx = gl->cellsize; xx < sx; xx++)
 grid_clear_cell(gd, xx, py, bg);
 gl->cellsize = sx;
 }
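Review bot: In the second hunk the new `memset` and the `grid_clear_cell` loop still use `gl->cellsize` as the start of the uninitialised region, although the commit message says that value may no longer match the real allocation after reflow. If it can be larger than the number of cells actually allocated, the cells between the old allocation end and `gl->cellsize` keep whatever `xreallocarray` left there and can later be read as grid cells. If it can only be smaller, the code is safe, but that should be stated above the call, for example `/* cellsize may be stale after reflow but never exceeds the allocated count */`, or the reflow path should keep the two in sync. The `if (gl->cellsize < sx)` guard also looks redundant given the `sx <= gl->cellsize` test in the first hunk, assuming that branch returns. The branch body and the lines between the two hunks are outside the diff.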