On Thu, Feb 06, 2020 at 05:46:57PM +0100, Pavel Sanda wrote:
> On Thu, Feb 06, 2020 at 04:02:34PM +0100, Enrico Forestieri wrote:
> > On Thu, Feb 06, 2020 at 12:59:53PM +0100, Pavel Sanda wrote:
> > > I looked at the code and the buffer length seems properly handled in the
> > > reported line (247) by the previous if clause.
> > > What is not clear to me are two following lines, which add m+1 chars
> > > while the check seems to properly handle only m chars and leaving no
> > > place for the final '\0'.
> > > Anyone else can confirm?
> >
> > I think the code is correct. It copies m+1 chars in order to be sure that
> > the final '\0' is also copied. The fact that there is space for it is
> > assured by the initial check that k+m+1 < MAX_WD_LEN.
>
> I checked the code again and you are right.
> Misread < (by <=) in the initial condition.

On second thought, I instead think you are right. The code also adds a blank
after the first strncpy(dfn,pos,k), and that makes a total of k+m+2 chars
when accounting also for the final '\0'.

--
Enrico
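The byte count argued over in this thread can be checked at the boundary with a canary-guarded buffer. This is an added example, not code from LyX or from the thread: `build_defn`, the constructed `MAX_WD_LEN` of 16, the canary region and the `cap` parameter are assumptions, and the thread does not show how large `dfn` is declared.

```c
#include <stdio.h>
#include <string.h>

#define MAX_WD_LEN 16u  /* constructed value, small so the boundary is easy to hit */
#define CANARY 0x5A

/* Hypothetical helper. Writes pos (k chars), a blank, then meaning plus its
 * '\0' (m+1 chars) behind the guard quoted in the thread, k+m+1 < MAX_WD_LEN.
 * cap is the size dfn is assumed to have. Returns the bytes written (0 if the
 * guard rejects the input); *in_bounds is 0 if a byte at index >= cap changed. */
size_t build_defn(const char *pos, const char *meaning, size_t cap, int *in_bounds)
{
    unsigned char region[2 * MAX_WD_LEN];  /* dfn plus canary bytes behind it */
    char *dfn = (char *)region;
    size_t k = strlen(pos), m = strlen(meaning), i;

    memset(region, CANARY, sizeof region);
    *in_bounds = 1;
    if (!(k + m + 1 < MAX_WD_LEN))
        return 0;
    memcpy(dfn, pos, k);                 /* same bytes as strncpy(dfn,pos,k) */
    dfn[k] = ' ';
    memcpy(dfn + k + 1, meaning, m + 1); /* m chars and the final '\0' */
    for (i = cap; i < sizeof region; i++)
        if (region[i] != CANARY)
            *in_bounds = 0;
    return k + 1 + m + 1;
}

int main(void)
{
    int ok;
    size_t n;
    /* Constructed input: k = 7, m = 7, so k+m+1 = 15 is the largest accepted sum. */
    n = build_defn("abcdefg", "hijklmn", MAX_WD_LEN, &ok);
    printf("cap=%u wrote=%zu in_bounds=%d\n", MAX_WD_LEN, n, ok);
    n = build_defn("abcdefg", "hijklmn", MAX_WD_LEN - 1, &ok);
    printf("cap=%u wrote=%zu in_bounds=%d\n", MAX_WD_LEN - 1, n, ok);
    n = build_defn("abcdefgh", "hijklmn", MAX_WD_LEN, &ok);
    printf("k=8 m=7 wrote=%zu (rejected by the guard)\n", n);
    return 0;
}
```

For the largest input the guard accepts, the write spans k+m+2 = MAX_WD_LEN bytes, so the terminator lands on the last byte of a buffer of MAX_WD_LEN bytes and one byte past any smaller buffer. Whether the reported line overflows therefore depends on the declared size of `dfn`, which has to be read from the source.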