From d2c82c0cfe5a674f58837f9d8c1d6ad15f10010e Mon Sep 17 00:00:00 2001
From: Don Lewis
Date: Mon, 16 May 2016 19:48:02 +0000
Subject: [PATCH] Fix off by one error that overflowed the rep_len array when doing the final NUL termination.
Reported by: Coverity
CID: 1007617
MFC after: 1 week
---
 usr.bin/chat/chat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr.bin/chat/chat.c b/usr.bin/chat/chat.c
index d62e47ae6729..107d9519c326 100644
--- a/usr.bin/chat/chat.c
+++ b/usr.bin/chat/chat.c
@@ -521,7 +521,7 @@ void terminate(int status)
 size_t rep_len;
 rep_len = strlen(report_buffer);
- while (rep_len + 1 <= sizeof(report_buffer)) {
+ while (rep_len + 1 < sizeof(report_buffer)) {
 alarm(1);
 c = get_char();
 alarm(0);
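Review bot: The corrected bound `rep_len + 1 < sizeof(report_buffer)` has no comment recording that the last byte is held back for the NUL stored after the loop, which is the invariant the old `<=` broke. I would add `/* leave room for the terminating NUL */` above the `while`, or write the test as `rep_len < sizeof(report_buffer) - 1` so the reservation is visible in the expression itself. The check also depends on `report_buffer` being a real array here, so that `sizeof` yields its capacity rather than a pointer size, and on it already being NUL-terminated when `strlen` runs. Both are established outside the hunk and are worth confirming. The loop body and the final store into `report_buffer` also lie outside the hunk, so the actual write index cannot be checked from these lines.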