#25 Buffer overrun: accessing 'buffer', the writable size is '32

[Sergey Kolomenkin]

Buffer overrun: accessing 'buffer', the writable size is '32' bytes, but '33' bytes might be written.
This occurs when int(token.end_ - token.start_) generates 32.
There should be "Char buffer[bufferSize+1];" instead.

double value = 0;
const int bufferSize = 32;
int count;
int length = int(token.end_ - token.start_);
if ( length <= bufferSize )
{
Char buffer[bufferSize];
memcpy( buffer, token.start_, length );
buffer[length] = 0;
count = sscanf( buffer, "%lf", &value );
}

[Baptiste Lepilleur]

Fixed in trunk.