Fix a buffer overflow in printb(). - circo

commit dddc69c41caa8ad08ad68466f7fcf977e444b2f4
parent d706fbff1aa7770931f0f1a5b102fa0bb405e6b5
Author: Claudio Alessi <smoppy@gmail.com>
Date:   Tue, 25 Jul 2017 22:43:30 +0200

Fix a buffer overflow in printb().

Diffstat:
M circo.c  | 6 +++---

1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/circo.c b/circo.c
@@ -680,11 +680,11 @@ printb(Buffer *b, char *fmt, ...) {
 	int len = 0;
 
 	tm = time(NULL);
-        len = strftime(buf, sizeof buf - len, TIMESTAMP_FORMAT, localtime(&tm));
+        len = strftime(buf, sizeof(buf), TIMESTAMP_FORMAT, localtime(&tm));
 	va_start(ap, fmt);
-	len += vsnprintf(&buf[len], sizeof(buf) - len, fmt, ap);
+	len += vsnprintf(&buf[len], sizeof(buf) - len - 1, fmt, ap);
 	va_end(ap);
-	if(!b->size || b->len >= b->size)
+	if(!b->size || b->len + len >= b->size)
 		if(!(b->data = realloc(b->data, b->size += len + BUFSZ)))
 			die("cannot realloc\n");
 	memcpy(&b->data[b->len], buf, len);

	circo claudio's IRC oasis
	git clone git://git.bitsmanent.org/circo
	Log \| Files \| Refs \| README \| LICENSE