bug-gnulib
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] human: fix output buffer overrun by 1


From: Paul Eggert
Subject: [PATCH] human: fix output buffer overrun by 1
Date: Thu, 31 Dec 2015 13:17:50 -0800

* lib/human.c (human_readable): Fix off-by-one typo in buffer
calculation that could lead to a one-byte buffer overrun.
---
 ChangeLog   | 6 ++++++
 lib/human.c | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index da7e48d..8a919ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-12-31  Paul Eggert  <address@hidden>
+
+       human: fix output buffer overrun by 1
+       * lib/human.c (human_readable): Fix off-by-one typo in buffer
+       calculation that could lead to a one-byte buffer overrun.
+
 2015-12-28  Daiki Ueno  <address@hidden>
 
        maint: fix operator precedence in mbrtowc test
diff --git a/lib/human.c b/lib/human.c
index 7863f9c..767aaec 100644
--- a/lib/human.c
+++ b/lib/human.c
@@ -185,7 +185,8 @@ human_readable (uintmax_t n, char *buf, int opts,
   if (strlen (l->thousands_sep) <= MB_LEN_MAX)
     thousands_sep = l->thousands_sep;
 
-  psuffix = buf + LONGEST_HUMAN_READABLE - HUMAN_READABLE_SUFFIX_LENGTH_MAX;
+  /* Leave room for a trailing space and following suffix.  */
+  psuffix = buf + LONGEST_HUMAN_READABLE - 1 - 
HUMAN_READABLE_SUFFIX_LENGTH_MAX;
   p = psuffix;
 
   /* Adjust AMT out of FROM_BLOCK_SIZE units and into TO_BLOCK_SIZE
-- 
2.5.0




reply via email to

[Prev in Thread] Current Thread [Next in Thread]