From 018ca9ae373090cf8ed94d577232b8b02759f4c6 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond"
Date: Tue, 20 Jun 2017 07:20:03 -0400
Subject: [PATCH] Fix off-by-one error that enabled the fuzzer to find a crash hole.

One has to allocate space for the trailing NUL, too.
---
 misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/misc.c b/misc.c
index 29846e2..71c7540 100644
--- a/misc.c
+++ b/misc.c
@@ -291,7 +291,7 @@ bool YES(const char* question, const char* yes_response, const char* no_response
 reply = get_input();
- char* firstword = (char*) xmalloc(strlen(reply));
+ char* firstword = (char*) xmalloc(strlen(reply)+1);
 sscanf(reply, "%s", firstword);
 for (int i = 0; i < (int)strlen(firstword); ++i)
-- 
2.31.1
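Review bot: The `sscanf(reply, "%s", firstword)` call on the line after the fixed allocation is still unchecked, so when `reply` is empty or consists only of whitespace the `%s` conversion stores nothing and the following `strlen(firstword)` reads uninitialized heap memory — the same class of fuzzer-visible crash the commit is fixing. Guard it with `if (sscanf(reply, "%s", firstword) != 1) firstword[0] = '\0';`. With the `+1` the unbounded `%s` can no longer overflow, since the first word is at most `strlen(reply)` characters, but a comment such as `/* firstword has room for all of reply plus NUL, so unbounded %s is safe */` would record why. If `get_input()` can return NULL that would also need a check before `strlen(reply)`, which cannot be determined from the hunk; the enclosing function `YES` begins and ends outside it.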