I don't see an overflow here.
> >         while ((w = read(s, &ch, 1)) == 1) {
> >                 *buf = ch;
> >                 if ((ch != ' ') && (ch != '\t') && (ch != '\r'))
> >                         ++buf;
> >                 if ((buf - realbuf == sizeof(realbuf) - 1) || (ch ==
> > '\n'))
> >                         break;
> >         }
This code is prefaced somewhere by:
  char realbuf[SIZ];
  buf = realbuf;
Translating into more readable(?) pseudo code:
  Set buf to point to the first character of realbuf
  While a call to read successfully returns a character
    Add the character to realbuf at the location pointed to by buf
    If the character is not a space, tab, or return
      Increment buf to point at the next char in realbuf
    If buf is pointing at the last char in realbuf or the character read
    was a newline
      Exit the while loop
This loop will exit on either a newline, or when buf is pointing at the
last character of realbuf.
Where's the possible overflow? If you feed this loop a bunch of spaces,
tabs, or returns, all you'll succeed in doing is overwriting the same spot
in realbuf.
-- Paul Henson | System Administrator | Cal Poly Pomona | (909) 869-3781 pbhenson@csupomona.edu | finger -l henson@www.csupomona.edu for PGP key