Commit daf8fa55 authored by Rob Swindell

Fix internal line editor buffer overflow (heap corruption)

... wasn't accounting for length of the 'top' buffer (when supplied).

Also, for raw input mode:
- flush the input buffer (stray LF) before accepting input
- turn off raw input mode if run out of bytes (max lines/length reached)

I was investigating the reported error by Nelgin:
  !ERROR in writemsg.cpp line 1214 (msgeditor) checking
		"max lines (20) exceeded" access=46
which I was unable to reproduce, when I encountered the issues addressed
in this commit.
parent b256f4ae
Pipeline #5070 passed
......@@ -293,7 +293,7 @@ bool sbbs_t::writemsg(const char *fname, const char *top, char *subj, int mode,
if(editor!=NULL)
*editor=NULL;
if((buf=(char*)malloc((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))
if((buf=(char*)malloc(strlen(top) + (cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))
==NULL) {
errormsg(WHERE,ERR_ALLOC,fname
,(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) +1);
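Review bot: The errormsg() call in the context lines after the changed malloc still passes (cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) +1 as the requested size, which no longer matches the allocation now that strlen(top) is added, so an ERR_ALLOC log entry would understate the request. Computing the size once into a local and passing it to both malloc and errormsg would keep the two in step. strlen(top) is also evaluated unconditionally, so this line relies on top never being NULL; the top[0] test later in the function makes the same assumption, and a short comment or an explicit check would document it.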
......@@ -530,6 +530,7 @@ bool sbbs_t::writemsg(const char *fname, const char *top, char *subj, int mode,
bprintf(text[EnterMsgNowRaw]
,(ulong)cfg.level_linespermsg[useron_level]*MAX_LINE_LEN);
rioctl(IOFI); // flush input buffer (e.g. stray LFs in input)
if(top[0] && !(mode&WM_NOTOP)) {
strcpy((char *)buf,top);
l=strlen((char *)buf);
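Review bot: rioctl(IOFI) runs after bprintf(text[EnterMsgNowRaw] ...) has already sent the prompt, so the flush drops everything pending at that moment, not only the stray LF named in the comment, and could discard message text from a client that starts sending as soon as the prompt appears. Consider moving the flush ahead of the prompt. The strcpy((char *)buf,top) in the context lines is bounded only by the allocation size changed in the earlier hunk; a comment here noting that dependency would help whoever next touches the malloc.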
......@@ -555,6 +556,7 @@ bool sbbs_t::writemsg(const char *fname, const char *top, char *subj, int mode,
outchar(c);
buf[l++]=c;
}
console &= ~CON_RAW_IN; // Turn off raw input mode in case the input exceeded length limit
buf[l]=0;
if(l==(ulong)cfg.level_linespermsg[useron_level]*MAX_LINE_LEN)
bputs(text[OutOfBytes]);
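Review bot: The added console &= ~CON_RAW_IN executes on every exit from the input loop, while its comment describes only the length-limit case; reword the comment to say the flag is always cleared here, or move the statement under the l== test if other exits clear it elsewhere. Separately, the out-of-bytes test compares l against cfg.level_linespermsg[useron_level]*MAX_LINE_LEN with ==, and l starts at strlen(top) when top is copied in, so it is worth confirming that the loop bound (not visible in this hunk) and this comparison both agree with the new allocation of strlen(top) plus that product.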
......