Hi, On Sun, Jan 24, 2016 at 11:41 AM, Paul B Mahol <onemda at gmail.com> wrote: > patch attached. I think that's wrong. buf_end is buf_start+size, so if size=1, this allows writing up to and including buf_start[1], which overflows size=1. Ronald