From 41da4d16b0bbfa12827ac772c28bf43b0b655140 Mon Sep 17 00:00:00 2001
From: mame <mame@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 22 Dec 2008 15:18:12 +0000
Subject: * sprintf.c (rb_str_format): fix buffer overflow.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20921 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 sprintf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'sprintf.c')

diff --git a/sprintf.c b/sprintf.c
index 1195f9b17b..cc8f097e5b 100644
--- a/sprintf.c
+++ b/sprintf.c
@@ -979,8 +979,8 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt)
 		    if ((flags & FWIDTH) && need < width)
 			need = width;
 
-		    CHECK(need);
-		    snprintf(&buf[blen], need, "%*s", need, "");
+		    CHECK(need + 1);
+		    snprintf(&buf[blen], need + 1, "%*s", need, "");
 		    if (flags & FMINUS) {
 			if (!isnan(fval) && fval < 0.0)
 			    buf[blen++] = '-';
-- 
cgit v1.2.3