From 26340a8818e0d54b6fde7a3a1c5f38c9137065bf Mon Sep 17 00:00:00 2001 From: "Yukihiro \"Matz\" Matsumoto" Date: Sun, 25 Jul 2021 16:43:00 +0900 Subject: time.c: fixed a potential buffer overflow in `time_zonename`. --- mrbgems/mruby-time/src/time.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mrbgems/mruby-time/src/time.c b/mrbgems/mruby-time/src/time.c index 3c6959644..99dcb2bcf 100644 --- a/mrbgems/mruby-time/src/time.c +++ b/mrbgems/mruby-time/src/time.c @@ -695,7 +695,7 @@ time_zonename(mrb_state *mrb, struct mrb_time *tm, char *buf, size_t len) datetime.tm_hour = offset / 60; datetime.tm_min = offset % 60; buf[0] = utc_sec < tm->sec ? '-' : '+'; - return strftime(buf+1, len, "%H%M", &datetime) + 1; + return strftime(buf+1, len-1, "%H%M", &datetime) + 1; #else return strftime(buf, len, "%z", &tm->datetime); #endif -- cgit v1.2.3