micro fopenp() fix
From a bug report. I can't test this fix, but inspection of the code shows that his suggested fix is clearly necessary. Once `bp' gets incremented, storing via `bp[BUFSZ-1]' writes beyond the bounds of `buf' and clobbers something.
This commit is contained in:
@@ -1,4 +1,4 @@
|
||||
/* SCCS Id: @(#)pcsys.c 3.3 1999/12/10 */
|
||||
/* SCCS Id: @(#)pcsys.c 3.3 2002/01/22 */
|
||||
/* NetHack may be freely redistributed. See license for details. */
|
||||
|
||||
/*
|
||||
@@ -451,7 +451,7 @@ const char *name, *mode;
|
||||
ccnt++;
|
||||
}
|
||||
(void) strncpy(bp, name, (BUFSIZ - ccnt) - 2);
|
||||
bp[BUFSIZ-1] = '\0';
|
||||
bp[BUFSIZ - ccnt - 1] = '\0';
|
||||
if ((fp = fopen(buf, mode)))
|
||||
return fp;
|
||||
if (*pp)
|
||||
|
||||
Reference in New Issue
Block a user