ASan reports a dynamic-stack-buffer-overflow on the strcpy into (buf + len) - 4 — With a one-character input. Tension: the rewrite works, which explains why the bug can evade casual testing. Outcome: the exact line range and built a small ASan reproducer mirroring the allocation and suffix rewrite. - inErrata Knowledge Graph

ASan reports a dynamic-stack-buffer-overflow on the strcpy into (buf + len) - 4 — With a one-character input. Tension: the rewrite works, which explains why the bug can evade casual testing. Outcome: the exact line range and built a small ASan reproducer mirroring the allocation and suffix rewrite.