Although this doesn't seem to cause a crash, valgrind confirms
that this is a genuine off-by-one bug. It could potentially
cause a crash if you did:
echo 'echo ~root/foo' | guestfish
home = find_home_for_username (&str[1], len);
if (home) {
home = find_home_for_username (&str[1], len);
if (home) {
- len = strlen (home) + strlen (rest);
+ len = strlen (home) + strlen (rest) + 1;
str = malloc (len);
if (str == NULL) {
perror ("malloc");
str = malloc (len);
if (str == NULL) {
perror ("malloc");