*n++ = *p++;
while (isdigit(*(uchar*)p) && n - fmt < (int)(sizeof fmt) - 8)
*n++ = *p++;
+ if (!*p)
+ break;
*n = '\0';
n = NULL;
break;
}
- /* Subtract the length of the escape from the string's size. */
- total -= p - s;
-
/* "n" is the string to be inserted in place of this % code. */
if (!n)
continue;
}
len = strlen(n);
+ /* Subtract the length of the escape from the string's size. */
+ total -= p - s;
+
if (len + total >= sizeof buf) {
rprintf(FERROR,
"buffer overflow expanding %%%c -- exiting\n",