From 20f6684161c42b30f9aad3fafa4431bd3ab88fd8 Mon Sep 17 00:00:00 2001
From: Tiago Cunha <tcunha@gmx.com>
Date: Thu, 2 Feb 2012 15:52:56 +0000
Subject: [PATCH] NUL terminate the strftime(3) buffer.

SUS says that if there wasn't enough space to copy the expanded format
to the buffer, strftime(3) will not NUL terminate it. It would work on
some implementations (eg on OpenBSD), though.

Therefore, take advantage of the return value to prevent using the
character array with unspecified contents with a very large clock
format.

Besides, the strlcat(3) call below relies on the destination buffer
being NUL terminated.

ok marco
---
 scrotwm.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scrotwm.c b/scrotwm.c
index e51220d..0cab82f 100644
--- a/scrotwm.c
+++ b/scrotwm.c
@@ -1446,7 +1446,8 @@ bar_update(void)
 	else {
 		time(&tmt);
 		localtime_r(&tmt, &tm);
-		strftime(s, sizeof s, clock_format, &tm);
+		len = strftime(s, sizeof s, clock_format, &tm);
+		s[len] = '\0';
 		strlcat(s, "    ", sizeof s);
 	}
 
-- 
1.7.10.4