Prevent buffer overflow when forcibly terminating an escape character.

Obtained from: OpenBSD Note: In the case of a full buffer the OpenBSD implementation will leave in the format string an invalid escape sequence. This appears to be harmless with our C library, but according to C99 this can cause undefined behavior. MFC after: 2 weeks
author: dds <dds@FreeBSD.org> 2006-12-03 17:50:21 +0000
committer: dds <dds@FreeBSD.org> 2006-12-03 17:50:21 +0000
commit: af51ff22340d96d114f2e3775d320add25977611 (patch)
tree: 0cd3dee31733eda568f33a488b13329d02715775 /usr.bin/jot
parent: 552b6c0ead97cdc98a42d8140db41253cd9bd97a (diff)
download: FreeBSD-src-af51ff22340d96d114f2e3775d320add25977611.zip
FreeBSD-src-af51ff22340d96d114f2e3775d320add25977611.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.bin/jot/jot.c b/usr.bin/jot/jot.c
index 34ec76b..088903f 100644
--- a/usr.bin/jot/jot.c
+++ b/usr.bin/jot/jot.c
@@ -480,7 +480,9 @@ fmt_broken:
 			else if (*p == '%' && *(p+1) == '%')
 				p++;
 			else if (*p == '%' && !*(p+1)) {
-				strcat(format, "%");
+				if (strlcat(format, "%", sizeof(format)) >=
+				    sizeof(format))
+					errx(1, "-w word too long");
 				break;
 			}
 	}
author	dds <dds@FreeBSD.org>	2006-12-03 17:50:21 +0000
committer	dds <dds@FreeBSD.org>	2006-12-03 17:50:21 +0000
commit	af51ff22340d96d114f2e3775d320add25977611 (patch)
tree	0cd3dee31733eda568f33a488b13329d02715775 /usr.bin/jot
parent	552b6c0ead97cdc98a42d8140db41253cd9bd97a (diff)
download	FreeBSD-src-af51ff22340d96d114f2e3775d320add25977611.zip FreeBSD-src-af51ff22340d96d114f2e3775d320add25977611.tar.gz