Bug 706081: Fix off by one in size calculation.

2026-02-05 17:29:43 +08:00 · 2022-11-16 21:12:12 +01:00
parent 09b3fcb1e7
commit bd037ab7aa
1 changed files with 1 additions and 1 deletions
--- a/jsvalue.c
+++ b/jsvalue.c
@@ -378,7 +378,7 @@ static js_Object *jsV_newstring(js_State *J, const char *v)
 {
 	js_Object *obj = jsV_newobject(J, JS_CSTRING, J->String_prototype);
 	size_t n = strlen(v);
-	if (n < sizeof(obj->u.s.shrstr) - 1) {
+	if (n < sizeof(obj->u.s.shrstr)) {
 		obj->u.s.string = obj->u.s.shrstr;
 		memcpy(obj->u.s.shrstr, v, n + 1);
 	} else {