From 821042278eb04b5f0baf50357d3a928debccec3c Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Mon, 14 Aug 2000 11:07:28 +0000 Subject: [PATCH] Fix another crash with long formats (#6145) # From strncpy manual: # In the case where the length of src is less than that of # n, the remainder of dest will be padded with nulls. --- ext/standard/formatted_print.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/standard/formatted_print.c b/ext/standard/formatted_print.c index 1db9451928..2846eaaa98 100644 --- a/ext/standard/formatted_print.c +++ b/ext/standard/formatted_print.c @@ -184,7 +184,7 @@ php_sprintf_appendstring(char **buffer, int *pos, int *size, char *add, } } PRINTF_DEBUG(("sprintf: appending \"%s\"\n", add)); - strncpy(&(*buffer)[*pos], add, max_width); + strncpy(&(*buffer)[*pos], add, max_width-*pos+1); *pos += MIN(max_width, len); if (alignment == ALIGN_LEFT) { while (npad--) { -- 2.40.0