Module Name: src Committed By: pgoyette Date: Wed Oct 26 06:10:40 UTC 2016
Modified Files: src/sys/dev: dev_verbose.c Log Message: Avoid writing beyond the end of the buffer we were given. This should actually cure the "stack overflow" reported earlier (and was worked around by increasing the size of the buffer). To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/sys/dev/dev_verbose.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/dev/dev_verbose.c diff -u src/sys/dev/dev_verbose.c:1.2 src/sys/dev/dev_verbose.c:1.3 --- src/sys/dev/dev_verbose.c:1.2 Wed Feb 3 05:29:43 2016 +++ src/sys/dev/dev_verbose.c Wed Oct 26 06:10:39 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: dev_verbose.c,v 1.2 2016/02/03 05:29:43 christos Exp $ */ +/* $NetBSD: dev_verbose.c,v 1.3 2016/10/26 06:10:39 pgoyette Exp $ */ /* * Redistribution and use in source and binary forms, with or without @@ -23,7 +23,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: dev_verbose.c,v 1.2 2016/02/03 05:29:43 christos Exp $"); +__KERNEL_RCSID(0, "$NetBSD: dev_verbose.c,v 1.3 2016/10/26 06:10:39 pgoyette Exp $"); #include <sys/param.h> @@ -41,10 +41,14 @@ dev_untokenstring(const char *words, con size_t len) { char *cp = buf; + size_t newlen; buf[0] = '\0'; for (; *token != 0; token++) { - cp = buf + strlcat(buf, words + *token, len - 2); + newlen = strlcat(buf, words + *token, len - 2); + if (newlen > len - 2) + newlen = len - 2; + cp = buf + newlen; cp[0] = ' '; cp[1] = '\0'; }