From e7eafcf596a620c405dc5f6d34749551cb2ab1e3 Mon Sep 17 00:00:00 2001
From: brooks <brooks@FreeBSD.org>
Date: Wed, 13 Jan 2016 21:50:08 +0000
Subject: Avoid reading pass the end of the source buffer when it is not NUL
 terminated.

If this buffer is adjacent to an unmapped page or a version of C with
bounds checked is used this may result in a crash.

PR:		206178
Submitted by:	Alexander Cherepanov <cherepan@mccme.ru>
MFC after:	1 week
---
 lib/libc/string/wcslcat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/libc')

diff --git a/lib/libc/string/wcslcat.c b/lib/libc/string/wcslcat.c
index f5f1e1e..2df9477 100644
--- a/lib/libc/string/wcslcat.c
+++ b/lib/libc/string/wcslcat.c
@@ -54,7 +54,7 @@ wcslcat(wchar_t *dst, const wchar_t *src, size_t siz)
 	size_t dlen;
 
 	/* Find the end of dst and adjust bytes left but don't go past end */
-	while (*d != '\0' && n-- != 0)
+	while (n-- != 0 && *d != '\0')
 		d++;
 	dlen = d - dst;
 	n = siz - dlen;
-- 
cgit v1.1