CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2017/12/30 00:19:05
Modified files:
usr.bin/jot : jot.c
Log message:
Avoid one-byte overflow in error path. If the format string ends in an
invalid specifier like `%l', p will already point to the trailing NUL
upon entering the switch, wherein the instruction
*++p = '\0';
will write another NUL after it, but there is no guarantee that the
buffer extends beyond that first NUL; thus, in the rare case where it
does not, this assignment will write one byte past its end.
from kshe
