BUG/MEDIUM: tools: off-by-one in quote_arg()

This function may write the \0 one char too far in the static array.
There is no effect right now as the function has never been used except
maybe in code that was never released. Out-of-tree code might possibly
be affected though (hence the MEDIUM flag).

No backport is needed.

Reported-by: Dinko Korunic <dkorunic@reflected.net>

diff --git a/src/standard.c b/src/standard.c
index 13ec4ad999e5c48ece91e2af26364254fe3bc50a..b14b70ba2787b7f2c4a772da0cc3575678533939 100644 (file)
--- a/src/standard.c
+++ b/src/standard.c
@@ -1567,7 +1567,7 @@ const char *quote_arg(const char *ptr)
        if (!ptr || !*ptr)
                return "end of line";
        val[0] = '\'';
-       for (i = 1; i < sizeof(val) - 1 && *ptr; i++)
+       for (i = 1; i < sizeof(val) - 2 && *ptr; i++)
                val[i] = *ptr++;
        val[i++] = '\'';
        val[i] = '\0';