From cffc75d6141a28775e7506609c307d23a323aeb1 Mon Sep 17 00:00:00 2001
From: Pavel Machek
Date: Tue, 29 Sep 1998 12:07:13 +0000
Subject: [PATCH] Fixed buffer overrun.

---
 src/layout.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/layout.c b/src/layout.c
index 4a2a8194c..9f0670972 100644
--- a/src/layout.c
+++ b/src/layout.c
@@ -860,7 +860,11 @@ void print_vfs_message(char *msg, ...)
 char str[128];

 va_start(ap, msg);
- vsprintf(str, msg, ap);
+ vsnprintf(str, 126, msg, ap);
+ /* Before you kill me for using non-portable vsnprintf... It is
+ neccessary: vfs layer may print arbitrary long messages (they
+ contain pathname). If you know how to solve it, please do so,
+ but this is probably exploitable buffer overrun.) */
 va_end(ap);
 if (midnight_shutdown || !the_hint || !the_hint->widget.parent)
 return;
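Review bot: The bound passed to `vsnprintf` is the literal `126`, which matches `char str[128]` only by hand; if the buffer is ever resized, the overrun this commit fixes can return without any compiler warning. Writing `vsnprintf(str, sizeof(str), msg, ap);` makes the limit follow the declaration. The added comment itself calls vsnprintf non-portable, and some pre-C99 implementations do not NUL-terminate on truncation, so adding `str[sizeof(str) - 1] = '\0';` right after the call would keep `str` a valid string in either case. The return value is ignored, so long pathnames are truncated silently, which is probably acceptable for a hint-line message. The body of print_vfs_message continues past the hunk, so how `str` is consumed afterwards is not visible here.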