From 38f6bbe5ec0bc77fcf4f564e716acd23372cef3a Mon Sep 17 00:00:00 2001 From: Mamoru TASAKA Date: Tue, 16 Jul 2024 15:52:09 +0900 Subject: [PATCH] misc/string.c: fix one byte ahead access in dup_string In dup_string in misc/string.c , even if the destination buffer is allocated with n_char bytes, the source buffer `str` can be accessed up to only n_char bytes. --- src/misc/string.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/misc/string.c b/src/misc/string.c index 1374607da..97acd9c92 100644 --- a/src/misc/string.c +++ b/src/misc/string.c @@ -78,7 +78,7 @@ char *dup_string(const char *str, size_t n_char) char *p = TMALLOC(char, n_char + 1); if (p != NULL) { - (void) memcpy(p, str, n_char + 1); + (void) memcpy(p, str, n_char); p[n_char] = '\0'; } return p;