
Neverending envelopes

Posted: Mon Dec 04, 2006 2:46 pm
by Zomis
Enter the config of envelope 1 and write a long long long message of junk. Don't stop after you have reached the 30x20 limit, just continue to write.

The characters that don't fit anymore in envelope 1 will be written - in a backward way - in envelope 2. And if there was already something written in envelope 2, then it could get erased when you write more in envelope 1.
Pressing Return when being at that limit is also a way of actually saving more than 600 characters for the envelope text.

This bug was found using 3.2.2 in Linux, but I don't think it has been discovered and fixed for 3.2.3.

Posted: Sat Dec 16, 2006 1:36 pm
by Holger
Thanks for reporting this -- it was a very nasty string overflow bug. These problems can never be 100% avoided in C, I'm afraid, regardless of how careful you are (and I think I *am* careful here, knowing C and its traps for around 20 years now). :-o

I needed quite some hours to track down this bug and fix it, although it was simple and stupid in the end. :-o
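
As an added illustration of the overflow class discussed in this thread (not part of either post and not the game's actual source or fix): a bounded text-entry routine for a 30x20 envelope buffer that rejects keystrokes, Return included, once 600 characters are stored, so nothing spills into the neighbouring envelope. The struct layout, the 0-based envelope numbers and all function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout, not the game's real source: envelopes stored back to back,
   each holding at most 30x20 = 600 characters plus a terminating NUL. */
#define ENV_XSIZE 30
#define ENV_YSIZE 20
#define ENV_TEXT_MAX (ENV_XSIZE * ENV_YSIZE)
#define NUM_ENVELOPES 4

struct envelope { char text[ENV_TEXT_MAX + 1]; };
static struct envelope envelopes[NUM_ENVELOPES];

/* Append one typed character (Return arrives as '\n') to envelope nr (0-based).
   Returns 1 if stored, 0 if nr is invalid or the 600-character limit is reached. */
int envelope_put_char(int nr, char c)
{
    if (nr < 0 || nr >= NUM_ENVELOPES)
        return 0;
    char *text = envelopes[nr].text;
    const char *end = memchr(text, '\0', ENV_TEXT_MAX);
    size_t len = end ? (size_t)(end - text) : ENV_TEXT_MAX;
    if (len >= ENV_TEXT_MAX)
        return 0;               /* full: drop the key instead of writing past the end */
    text[len] = c;
    text[len + 1] = '\0';       /* len + 1 <= ENV_TEXT_MAX, still inside text[] */
    return 1;
}

/* Feed a whole string of keystrokes; returns how many characters were accepted. */
size_t envelope_type(int nr, const char *input)
{
    size_t stored = 0;
    for (; *input != '\0'; input++)
        stored += (size_t)envelope_put_char(nr, *input);
    return stored;
}

const char *envelope_text(int nr) { return envelopes[nr].text; }

int main(void)
{
    char junk[701];                       /* constructed input: 700 'x' characters */
    memset(junk, 'x', sizeof junk - 1);
    junk[sizeof junk - 1] = '\0';
    envelope_type(1, "keep me");
    printf("accepted %zu of 700\n", envelope_type(0, junk));
    printf("next envelope still reads: %s\n", envelope_text(1));
    return 0;
}
```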