* lib/human.c (human_readable): Fix off-by-one typo in buffer
calculation that could lead to a one-byte buffer overrun.
---
ChangeLog | 6 ++++++
lib/human.c | 3 ++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index da7e48d..8a919ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-12-31 Paul Eggert <egg...@cs.ucla.edu>
+
+ human: fix output buffer overrun by 1
+ * lib/human.c (human_readable): Fix off-by-one typo in buffer
+ calculation that could lead to a one-byte buffer overrun.
+
2015-12-28 Daiki Ueno <u...@gnu.org>
maint: fix operator precedence in mbrtowc test
diff --git a/lib/human.c b/lib/human.c
index 7863f9c..767aaec 100644
--- a/lib/human.c
+++ b/lib/human.c
@@ -185,7 +185,8 @@ human_readable (uintmax_t n, char *buf, int opts,
if (strlen (l->thousands_sep) <= MB_LEN_MAX)
thousands_sep = l->thousands_sep;
- psuffix = buf + LONGEST_HUMAN_READABLE - HUMAN_READABLE_SUFFIX_LENGTH_MAX;
+ /* Leave room for a trailing space and following suffix. */
+ psuffix = buf + LONGEST_HUMAN_READABLE - 1 -
HUMAN_READABLE_SUFFIX_LENGTH_MAX;
p = psuffix;
/* Adjust AMT out of FROM_BLOCK_SIZE units and into TO_BLOCK_SIZE
--
2.5.0
