diff --git a/src/ChangeLog b/src/ChangeLog
index f1071d062..5510aff6a 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2004-09-28  Andrew V. Samoilov  <sav@bcs.zp.ua>
+
+	* util.c (convert_controls): Fix possible buffer overflow
+	for ".*^" strings.
+
 2004-09-27  Andrew V. Samoilov  <sav@bcs.zp.ua>
 
 	* complete.c [__linux__ && !__USE_GNU]: Fix compilation on Red Hat 7.3
diff --git a/src/util.c b/src/util.c
index 2fffcf9ca..dcf66805b 100644
--- a/src/util.c
+++ b/src/util.c
@@ -1019,14 +1019,13 @@ void wipe_password (char *passwd)
 
 /* Convert "\E" -> esc character and ^x to control-x key and ^^ to ^ key */
 /* Returns a newly allocated string */
-char *convert_controls (const char *s)
+char *convert_controls (const char *p)
 {
-    char *valcopy = g_strdup (s);
-    const char *p;
+    char *valcopy = g_strdup (p);
     char *q;
 
     /* Parse the escape special character */
-    for (p = s, q = valcopy; *p;){
+    for (q = valcopy; *p;){
 	if (*p == '\\'){
 	    p++;
 	    if ((*p == 'e') || (*p == 'E')){
@@ -1043,7 +1042,7 @@ char *convert_controls (const char *s)
 		    if (c >= 'a' && c <= 'z') {
 		        *q++ = c - 'a' + 1;
 			p++;
-		    } else
+		    } else if (*p)
 		        p++;
 		}
 	    } else