From d9057521e665e1564e38b93ae1fafb53c81cb5d1 Mon Sep 17 00:00:00 2001
From: Neven Sajko <nsajko@gmail.com>
Date: Sat, 28 Dec 2019 21:33:59 +0000
Subject: cmd/htmlroff: fix buffer overflow in t2.c getqarg

This is actually from 2016:
https://plan9port-review.googlesource.com/c/plan9/+/1590

Change-Id: I6f2a3d71a9dd589eff7ab15b3c1d3997254b3c35
---
 src/cmd/htmlroff/t2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/cmd/htmlroff/t2.c')

diff --git a/src/cmd/htmlroff/t2.c b/src/cmd/htmlroff/t2.c
index 54481d0a..daac3ea1 100644
--- a/src/cmd/htmlroff/t2.c
+++ b/src/cmd/htmlroff/t2.c
@@ -26,7 +26,7 @@ getqarg(void)
 	Rune *p, *e;
 	
 	p = buf;
-	e = p+sizeof buf-1;
+	e = p + nelem(buf) - 1;
 	
 	if(getrune() != '\'')
 		return nil;
-- 
cgit v1.2.3