From 6be7e6da5f884de55db6cfa7a261d31cd9735e4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?=
Date: Sun, 13 Jul 2014 21:33:46 +0000
Subject: [PATCH] Add a check for buffer overflow

---
 t/t_strlcat.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/t/t_strlcat.c b/t/t_strlcat.c
index 2f8a174..def6d95 100644
--- a/t/t_strlcat.c
+++ b/t/t_strlcat.c
@@ -45,6 +45,7 @@
 #define T_MAGIC_STR "squeamish ossifrage"
 #define T_MAGIC_LEN (sizeof(T_MAGIC_STR) - 1)
 #define T_BUFSIZE (T_MAGIC_LEN + 1 + T_MAGIC_LEN + 1)
+#define T_CANARY 0x7f
 struct t_case {
 const char *desc;
@@ -130,12 +131,17 @@ static int
 t_strlcat(char **desc CRYB_UNUSED, void *arg)
 {
 struct t_case *t = arg;
- char buf[T_BUFSIZE];
+ char buf[T_BUFSIZE + 1];
 size_t sz;
 int ret;
- memcpy(buf, t->buf, sizeof buf);
- sz = strlcat(buf, t->in, sizeof buf);
+ memcpy(buf, t->buf, sizeof t->buf);
+ buf[T_BUFSIZE] = T_CANARY;
+ sz = strlcat(buf, t->in, T_BUFSIZE);
+ if (buf[T_BUFSIZE] != T_CANARY) {
+ t_verbose("buffer overflow");
+ return (0);
+ }
 ret = t_compare_sz(t->sz, sz);
 if (t->out != NULL)
 ret = ret && t_compare_str(t->out, buf);
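Review bot: `T_CANARY` in the first hunk has no comment explaining why the guard value is 0x7f, and the choice matters. The check added in t_strlcat compares it against a plain `char`, so on a platform where char is signed a value above 0x7f would never compare equal and the test would report an overflow on every run. A comment above the define such as `/* guard byte stored after the buffer; must be non-NUL and <= 0x7f so it compares equal when read back through plain char */` would stop a later change to 0xff from breaking the check.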
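Review bot: In t_strlcat, `memcpy(buf, t->buf, sizeof t->buf)` now takes its length from the source member while the destination is `T_BUFSIZE + 1` bytes, and nothing in the patch ties the two sizes together. The rest of `struct t_case` is declared outside these hunks, so the copy is only safe if `buf` there is an array of at most T_BUFSIZE bytes; if it were a pointer, `sizeof` would silently copy only a pointer's worth of bytes. Copying a fixed length, `memcpy(buf, t->buf, T_BUFSIZE);`, together with a compile-time check next to the struct that `sizeof t->buf == T_BUFSIZE`, would turn a mismatch into a build failure instead of a bad copy on the test's own stack. The body of t_strlcat continues past the end of the hunk.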