[prev in list] [next in list] [prev in thread] [next in thread]
List: gnulib-bug
Subject: [PATCH] human: fix output buffer overrun by 1
From: Paul Eggert <eggert () cs ! ucla ! edu>
Date: 2015-12-31 21:17:50
Message-ID: 1451596670-13001-1-git-send-email-eggert () cs ! ucla ! edu
[Download RAW message or body]
* lib/human.c (human_readable): Fix off-by-one typo in buffer
calculation that could lead to a one-byte buffer overrun.
---
ChangeLog | 6 ++++++
lib/human.c | 3 ++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index da7e48d..8a919ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-12-31 Paul Eggert <eggert@cs.ucla.edu>
+
+ human: fix output buffer overrun by 1
+ * lib/human.c (human_readable): Fix off-by-one typo in buffer
+ calculation that could lead to a one-byte buffer overrun.
+
2015-12-28 Daiki Ueno <ueno@gnu.org>
maint: fix operator precedence in mbrtowc test
diff --git a/lib/human.c b/lib/human.c
index 7863f9c..767aaec 100644
--- a/lib/human.c
+++ b/lib/human.c
@@ -185,7 +185,8 @@ human_readable (uintmax_t n, char *buf, int opts,
if (strlen (l->thousands_sep) <= MB_LEN_MAX)
thousands_sep = l->thousands_sep;
- psuffix = buf + LONGEST_HUMAN_READABLE - HUMAN_READABLE_SUFFIX_LENGTH_MAX;
+ /* Leave room for a trailing space and following suffix. */
+ psuffix = buf + LONGEST_HUMAN_READABLE - 1 - HUMAN_READABLE_SUFFIX_LENGTH_MAX;
p = psuffix;
/* Adjust AMT out of FROM_BLOCK_SIZE units and into TO_BLOCK_SIZE
--
2.5.0
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic