There is an overflow by 1 (off-by-one error) in your first example of console_gets.
int console_gets(char *s, int len) {
    char *t = s;
    char c;
    *t = '\000';
    /* read until a <LF> is received */
    while ((c = console_getc()) != '\n') {
        *t = c; // this overflows when t-s == len
        console_putc(c);
        if ((t - s) < len) {
            t++;
        }
        /* update end of string with NUL */
        *t = '\000'; // this overflows when t-s == len
    }
    return t - s;
}
Simple example: assume a buffer of length one. The first char is put at index 0; t - s is then smaller than len, so t will be incremented, and from that moment on all writes go to index 1.
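Added example (not from the original post or its author): the buggy reader as quoted, next to a hardened version that stores at most len - 1 bytes so the NUL always fits, plus a sentinel-byte harness that shows which one writes past the buffer. console_getc/console_putc are constructed stand-ins that feed a fixed line; the harness functions read_line and guard_intact are hypothetical names introduced here.

```c
#include <string.h>

/* Constructed console stand-in: feeds one fixed line, then '\n' forever. */
static const char *g_input = "";
static char console_getc(void) { return *g_input ? *g_input++ : '\n'; }
static void console_putc(char c) { (void)c; }

/* The version from the post: len is the buffer size, yet t can reach s[len]. */
int console_gets_buggy(char *s, int len) {
    char *t = s;
    char c;
    *t = '\000';
    while ((c = console_getc()) != '\n') {
        *t = c;              /* writes s[len] once t - s == len */
        console_putc(c);
        if ((t - s) < len) t++;
        *t = '\000';         /* the NUL lands on s[len] as well */
    }
    return t - s;
}

/* Hardened version: store at most len - 1 bytes so the NUL always fits in s. */
int console_gets_fixed(char *s, int len) {
    char *t = s;
    char c;
    if (len < 1) return 0;   /* no room even for the terminator */
    *t = '\000';
    while ((c = console_getc()) != '\n') {
        console_putc(c);     /* excess input is echoed but not stored */
        if ((t - s) < len - 1) {
            *t++ = c;
            *t = '\000';
        }
    }
    return t - s;
}

int read_line(int (*reader)(char *, int), const char *line, char *out, int len) {
    g_input = line;          /* constructed input for this run */
    return reader(out, len);
}

/* Sentinel check: 1 = byte after the len-byte buffer untouched, 0 = overwritten. */
int guard_intact(int (*reader)(char *, int), const char *line, int len) {
    char buf[32];
    if (len < 1 || len >= (int)sizeof buf) return -1;
    memset(buf, 0xAA, sizeof buf);
    read_line(reader, line, buf, len);
    return (unsigned char)buf[len] == 0xAA;
}
```

With a one-byte buffer and the single input "a", the quoted version already clobbers the byte after the buffer, while the hardened version stores nothing and returns 0.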