If a word read from an options file was longer than MAXWORDLEN,
we could pass it to option_error() without null termination,
which could have lead to an out-of-bounds access in vslprintf.
Make sure word[] is null terminated in all cases.
Reported-by: Florian Kohnhäuser <florian@kohnhaeuser.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
c = getc(f);
}
+ word[MAXWORDLEN-1] = 0; /* make sure word is null-terminated */
/*
* End of the word: check for errors.