Martin Cohen wrote:
void lj_debug_shortname(char *out, GCstr *str)
{
  const char *src = strdata(str);
  if (*src == '=') {
    strncpy(out, src+1, LUA_IDSIZE);  /* Remove first char. */
    out[LUA_IDSIZE-1] = '\0';  /* Ensures null termination. */
  } else if (*src == '@') {  /* Output "source", or "...source". */
    size_t len = str->len-1;
    src++;  /* Skip the `@' */
    if (len >= LUA_IDSIZE) {
      src += len-(LUA_IDSIZE-4);  /* Get last part of file name. */
      *out++ = '.'; *out++ = '.'; *out++ = '.';
    }
    strcpy(out, src);

The error occurs on the last line pasted (strcpy) and is caused by `src` starting
with `@` but `str->len` being 0. That causes it to enter the `*src == '@'`
branch, but by that time `src` already points to invalid memory that is not
0 terminated.
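
The arithmetic behind the report above, as an added example that is not part of the original post or of LuaJIT. It assumes the length field is an unsigned 32-bit value and that LUA_IDSIZE is 60; ModelStr, posted_skip and shortname_at are hypothetical names. posted_skip reproduces the offset the posted '@' branch adds to src, and shortname_at is one way to reject a zero length and copy by explicit length instead of strcpy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IDSIZE 60  /* stands in for LUA_IDSIZE; 60 is an assumed value */

/* Hypothetical stand-in for GCstr: a length field plus the string bytes. */
typedef struct { uint32_t len; const char *data; } ModelStr;

/* Offset the posted '@' branch adds to src, using the same arithmetic
 * (len = str->len-1) on an unsigned 32-bit length (assumption). */
size_t posted_skip(uint32_t str_len)
{
  size_t len = (size_t)(uint32_t)(str_len - 1);  /* 0 - 1 wraps to 0xFFFFFFFF */
  return len >= IDSIZE ? len - (IDSIZE - 4) : 0;
}

/* Checked '@' branch: returns 0 on success, -1 when the header cannot be
 * trusted. Copies by explicit length, so it never needs a terminator. */
int shortname_at(char out[IDSIZE], const ModelStr *s)
{
  const char *src = s->data;
  size_t len;
  out[0] = '\0';
  if (src == NULL || s->len == 0 || src[0] != '@')
    return -1;                  /* len 0: s->len-1 would wrap */
  len = (size_t)s->len - 1;     /* safe, s->len >= 1 */
  src++;                        /* skip the '@' */
  if (len >= IDSIZE) {
    src += len - (IDSIZE - 4);  /* keep the last IDSIZE-4 bytes */
    len = IDSIZE - 4;
    memcpy(out, "...", 3);
    out += 3;
  }
  memcpy(out, src, len);
  out[len] = '\0';
  return 0;
}

int main(void)
{
  char buf[IDSIZE];
  ModelStr bad = { 0, "@" };            /* constructed: '@' with length 0 */
  ModelStr ok = { 9, "@file.lua" };     /* constructed sample chunk name */
  printf("posted skip for len 0: %zu bytes\n", posted_skip(0));
  printf("checked, len 0: %d\n", shortname_at(buf, &bad));
  printf("checked, len 9: %d \"%s\"\n", shortname_at(buf, &ok), buf);
  return 0;
}
```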