I'm getting glibc errors that a buffer overflow is detected. I've
traced it to the sprintf call on line 428 in linux.c file, where the
temp_addr array doesn't have space for trailing \0.

The attached patch should fix it.

Miroslav Lichvar

Index: conky-1.6.1/src/linux.c
===================================================================
--- conky-1.6.1.orig/src/linux.c	2008-09-08 10:14:57.000000000 +0530
+++ conky-1.6.1/src/linux.c	2008-09-08 10:54:34.000000000 +0530
@@ -353,7 +353,7 @@
 	for (i2 = 0; i2 < 16; i2++) {
 		struct net_stat *ns;
 		char *s, *p;
-		char temp_addr[17];
+		char temp_addr[18];
 		long long r, t, last_recv, last_trans;
 
 		if (fgets(buf, 255, net_dev_fp) == NULL) {
@@ -380,9 +380,9 @@
 		memset(&(ns->addr.sa_data), 0, 14);
 
 		if(NULL == ns->addrs)
-			ns->addrs = (char*) malloc(17 * 16);
+			ns->addrs = (char*) malloc(17 * 16 + 1);
 		if(NULL != ns->addrs)
-			memset(ns->addrs, 0, 17 * 16); /* Up to 17 chars per ip, max 16 interfaces. Nasty memory usage... */
+			memset(ns->addrs, 0, 17 * 16 + 1); /* Up to 17 chars per ip, max 16 interfaces. Nasty memory usage... */
 
 		last_recv = ns->recv;
 		last_trans = ns->trans;
