* src/numfmt.c (double_to_human): The printf format is built up in
a stack buffer which is big enough to hold any of the possible formats.
However the size parameter passed to snprintf was too big by 1
when GROUP was true. So decrease the buffer available to snprintf
to avoid this theoretical in practice but valid Coverity warning.
---
src/numfmt.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/numfmt.c b/src/numfmt.c
index e8f53fc..6091bb6 100644
--- a/src/numfmt.c
+++ b/src/numfmt.c
@@ -703,7 +703,7 @@ double_to_human (long double val, int precision,
*pfmt++ = '\'';
if (zero_padding_width)
- pfmt += snprintf (pfmt, sizeof (fmt) - 1, "0%ld", zero_padding_width);
+ pfmt += snprintf (pfmt, sizeof (fmt) - 2, "0%ld", zero_padding_width);
devmsg ("double_to_human:\n");
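Review bot: the bound on the changed snprintf line is still a hard-coded constant, `sizeof (fmt) - 2`, which is only exact when the preceding `*pfmt++ = '\'';` has run; on the path where it has not, the limit is one byte smaller than necessary, and any later change that writes more bytes before this call would silently make it too large again. Deriving the size from the cursor, for example `sizeof (fmt) - (pfmt - fmt)`, keeps the bound correct on every path without a magic number. Separately, `pfmt += snprintf (...)` uses the return value unchecked: on truncation snprintf returns the length it would have written, so pfmt could be advanced past the end of the buffer. An assertion or a check that the result is non-negative and smaller than the remaining space would document the "buffer is big enough" assumption stated in the commit message.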
--
1.7.7.6