On Sat, Dec 30, 2017 at 05:55:57AM +, kshe wrote:
Hi,

If the format string ends in an invalid specifier like `%l', p will
already point to the trailing NUL upon entering the switch, wherein the
instruction

    *++p = '\0';

will write another NUL after it, but there is no guarantee that the
buffer extends beyond that first NUL; thus, in the