Source-Changes-HG archive


[src/trunk]: src/bin/sh Fix an off by one buffer length problem. Fortunatel...



details:   https://anonhg.NetBSD.org/src/rev/fa0f1ae06c4b
branches:  trunk
changeset: 447687:fa0f1ae06c4b
user:      kre <kre%NetBSD.org@localhost>
date:      Mon Jan 21 13:27:29 2019 +0000

description:
Fix an off by one buffer length problem.   Fortunately, it was off by
one in the "safe" way (it was ensuring the buffer always ended in 2 \0
characters ... one is enough.)   This could affect the expansions of
LINENO RANDOM and SECONDS, though only if they have at least 8 digits
(and then, only sometimes).   RANDOM thus is safe, as it never produces
a number with more than 5 digits, you'd need a script with 10000000
lines before there might be an issue with LINENO (and even autoconf
generated scripts don't generally get that big) and a shell would need
to be running for almost 4 months for SECONDS to climb that high.

Nevertheless: XXX pullup -8.

diffstat:

 bin/sh/var.c |  10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diffs (45 lines):

diff -r 66625026e55a -r fa0f1ae06c4b bin/sh/var.c
--- a/bin/sh/var.c      Mon Jan 21 13:19:18 2019 +0000
+++ b/bin/sh/var.c      Mon Jan 21 13:27:29 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: var.c,v 1.74 2018/12/12 11:51:33 kre Exp $     */
+/*     $NetBSD: var.c,v 1.75 2019/01/21 13:27:29 kre Exp $     */
 
 /*-
  * Copyright (c) 1991, 1993
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)var.c      8.3 (Berkeley) 5/4/95";
 #else
-__RCSID("$NetBSD: var.c,v 1.74 2018/12/12 11:51:33 kre Exp $");
+__RCSID("$NetBSD: var.c,v 1.75 2019/01/21 13:27:29 kre Exp $");
 #endif
 #endif /* not lint */
 
@@ -1378,7 +1378,7 @@
                return vp->text;
 #endif
 
-       snprintf(result, length - 1, "%.*s=%d", vp->name_len, vp->text, ln);
+       snprintf(result, length, "%.*s=%d", vp->name_len, vp->text, ln);
        return result;
 }
 #undef result
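Review bot: the snprintf() return value is discarded on the changed line, so if `length` is ever too small for "%.*s=%d" the string is silently truncated and returned as though it were complete. Now that the full buffer size is passed, consider comparing the return value against `length` (a value greater than or equal to `length` means truncation) and falling back to `return vp->text;` as the early exit above does. The computation of `length` is outside this hunk, so it is worth confirming that it counts the name, the '=', the digits and the terminating \0.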
@@ -1485,7 +1485,7 @@
        if (!make_space(&buf, vp->name_len + 2 + digits_in(secs)))
                return vp->text;
 
-       snprintf(buf.b, buf.len-1, "%.*s=%jd", vp->name_len, vp->text, secs);
+       snprintf(buf.b, buf.len, "%.*s=%jd", vp->name_len, vp->text, secs);
        return buf.b;
 }
 
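Review bot: the `+ 2` in `make_space(&buf, vp->name_len + 2 + digits_in(secs))` carries the size accounting that this fix relies on, and nothing in the hunk documents it. A one-line comment stating what the two extra bytes are for (presumably the '=' and the terminating \0) would keep a later reader from reintroducing a `- 1` at the snprintf() call. It would also help to say whether `buf.len` after make_space() is the requested size or something rounded up, since that decides whether the old truncation was reachable on every call or only some.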
@@ -1571,7 +1571,7 @@
        if (!make_space(&buf, vp->name_len + 2 + digits_in(random_val)))
                return vp->text;
 
-       snprintf(buf.b, buf.len-1, "%.*s=%jd", vp->name_len, vp->text,
+       snprintf(buf.b, buf.len, "%.*s=%jd", vp->name_len, vp->text,
            random_val);
 
        if (buf.b != vp->text && (vp->flags & (VTEXTFIXED|VSTACK)) == 0)
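Review bot: `%jd` on the changed line requires an intmax_t argument, and the declaration of `random_val` is outside this hunk; if it has any narrower type, add an `(intmax_t)` cast at the call. This is also the third place in the patch where a size handed to the allocator has to agree with the size handed to snprintf(), so a small shared helper that sizes and formats "name=number" in one place would remove the chance of the two drifting apart again.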


