NUL terminate the strftime(3) buffer.

SUS says that if there wasn't enough space to copy the expanded format
to the buffer, strftime(3) will not NUL terminate it. It would work on
some implementations (eg on OpenBSD), though.

Therefore, take advantage of the return value to prevent using the
character array with unspecified contents with a very large clock
format.

Besides, the strlcat(3) call below relies on the destination buffer
being NUL terminated.

ok marco

diff --git a/scrotwm.c b/scrotwm.c
index e51220d..0cab82f 100644 (file)
--- a/scrotwm.c
+++ b/scrotwm.c
@@ -1446,7 +1446,8 @@ bar_update(void)
        else {
                time(&tmt);
                localtime_r(&tmt, &tm);
-               strftime(s, sizeof s, clock_format, &tm);
+               len = strftime(s, sizeof s, clock_format, &tm);
+               s[len] = '\0';
                strlcat(s, "    ", sizeof s);
        }