From ac43186dff0f4e92a566987bb9108d6c5421e9ff Mon Sep 17 00:00:00 2001
From: nicm <nicm>
Date: Mon, 3 Jul 2023 10:48:26 +0000
Subject: Do not risk writing over the end of the buffer when it ends in #
 (because strchr \0 will be non-NULL), reported by Robert Morris in GitHub
 issue 3610.

---
 format.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/format.c b/format.c
index e383a141..3f745141 100644
--- a/format.c
+++ b/format.c
@@ -3664,7 +3664,9 @@ format_skip(const char *s, const char *end)
 	for (; *s != '\0'; s++) {
 		if (*s == '#' && s[1] == '{')
 			brackets++;
-		if (*s == '#' && strchr(",#{}:", s[1]) != NULL) {
+		if (*s == '#' &&
+		    s[1] != '\0' &&
+		    strchr(",#{}:", s[1]) != NULL) {
 			s++;
 			continue;
 		}
-- 
cgit v1.2.3