history: fix out-of-bounds read on retrieving empty line

Reproducer: Compile a ksh with AddressSanitizer. In that ksh, edit
the last command line with 'fc', insert an empty line at the start,
and save. Now use the up-arrow to retrieve the empty line. Ksh
aborts on history.c line 1011 as hist_copy() tries to read before
the beginning of the buffer pointed to by s1.

src/cmd/ksh93/edit/history.c: hist_copy():
- Verify that the s1 pointer was increased from the original s1
  before trying to read the character *(s1-1).

NEWS

@@ -3,6 +3,10 @@ For full details, see the git log at: https://github.com/ksh93/ksh/tree/1.0
 
 Any uppercase BUG_* names are modernish shell bug IDs.
 
+2022-07-10:
+
+- Fixed a potential crash on retrieving an empty line from the command history.
+
 2022-07-09:
 
 - Fixed a bug that broke '[[ ... ]]' test expressions for the command

src/cmd/ksh93/edit/history.c

@@ -982,7 +982,8 @@ int hist_copy(char *s1,int size,int command,int line)
 	register int c;
 	register History_t *hp = sh.hist_ptr;
 	register int count = 0;
-	register char *s1max = s1+size;
+	char *const s1orig = s1;
+	char *const s1max = s1 + size;
 	if(!hp)
 		return(-1);
 	hist_seek(hp,command);
@@ -1008,7 +1009,7 @@ int hist_copy(char *s1,int size,int command,int line)
 	sfseek(hp->histfp,(off_t)0,SEEK_END);
 	if(s1==0)
 		return(count);
-	if(count && (c= *(s1-1)) == '\n')
+	if(count && s1 > s1orig && (c = *(s1 - 1)) == '\n')
 		s1--;
 	*s1 = '\0';
 	return(count);

src/cmd/ksh93/include/version.h

@@ -23,7 +23,7 @@
 
 #define SH_RELEASE_FORK	"93u+m"		/* only change if you develop a new ksh93 fork */
 #define SH_RELEASE_SVER	"1.0.0-beta.2"	/* semantic version number: https://semver.org */
-#define SH_RELEASE_DATE	"2022-07-09"	/* must be in this format for $((.sh.version)) */
+#define SH_RELEASE_DATE	"2022-07-10"	/* must be in this format for $((.sh.version)) */
 #define SH_RELEASE_CPYR	"(c) 2020-2022 Contributors to ksh " SH_RELEASE_FORK
 
 /* Scripts sometimes field-split ${.sh.version}, so don't change amount of whitespace. */