From b4f2c1683a8d0caa8887b96257841f154e08acb3 Mon Sep 17 00:00:00 2001
From: Suresh Sundriyal
Date: Sat, 27 Jun 2015 21:26:08 -0700
Subject: [PATCH] [coverity] Avoid a buffer-overrun.

'escape_index' is ensured to be less than 'sizeof(escape_buffer)-1'. This guarantees enough space for one more character in the escape_buffer. However, if we meet this condition, we go ahead and shove a character and a null-terminator in to the string, potentially leading to a buffer overrun.
---
 src/lnav.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/lnav.cc b/src/lnav.cc
index 4fb1801d..aad02d32 100644
--- a/src/lnav.cc
+++ b/src/lnav.cc
@@ -3863,7 +3863,10 @@ static void looper(void)
 while ((ch = getch()) != ERR) {
 alerter::singleton().new_input(ch);
- if (escape_index >= sizeof(escape_buffer) - 1) {
+ /* Check to make sure there is enough space for a
+ * character and a string terminator.
+ */
+ if (escape_index >= sizeof(escape_buffer) - 2) {
 escape_index = 0;
 }
 else if (escape_index > 0) {
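Review bot: The new bound `sizeof(escape_buffer) - 2` cannot be checked against the writes it protects, because they sit in the `else if (escape_index > 0)` branch whose body lies outside this hunk. If that branch stores one character at `escape_buffer[escape_index++]` and then a terminator at `escape_buffer[escape_index]`, the old `- 1` bound already kept both stores in range and the new one only leaves the last byte unused; if it writes more than that, `- 2` may still be too small. I would have the comment name the exact stores, e.g. `/* The branch below writes escape_buffer[escape_index] and a NUL at escape_buffer[escape_index + 1]. */`, so the constant can be audited. A `static_assert(sizeof(escape_buffer) >= 2, "escape_buffer too small");` next to the buffer's declaration would also stop the unsigned subtraction from wrapping if the buffer is ever resized.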