Module Name: src
Committed By: pgoyette
Date: Wed Oct 26 06:10:40 UTC 2016
Modified Files:
src/sys/dev: dev_verbose.c
Log Message:
Avoid writing beyond the end of the buffer we were given.
This should actually cure the "stack overflow" reported earlier (and
was worked around by increasing the size of the buffer).
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/sys/dev/dev_verbose.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/dev_verbose.c
diff -u src/sys/dev/dev_verbose.c:1.2 src/sys/dev/dev_verbose.c:1.3
--- src/sys/dev/dev_verbose.c:1.2 Wed Feb 3 05:29:43 2016
+++ src/sys/dev/dev_verbose.c Wed Oct 26 06:10:39 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: dev_verbose.c,v 1.2 2016/02/03 05:29:43 christos Exp $ */
+/* $NetBSD: dev_verbose.c,v 1.3 2016/10/26 06:10:39 pgoyette Exp $ */
/*
* Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dev_verbose.c,v 1.2 2016/02/03 05:29:43 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dev_verbose.c,v 1.3 2016/10/26 06:10:39 pgoyette Exp $");
#include <sys/param.h>
@@ -41,10 +41,14 @@ dev_untokenstring(const char *words, con
size_t len)
{
char *cp = buf;
+ size_t newlen;
buf[0] = '\0';
for (; *token != 0; token++) {
- cp = buf + strlcat(buf, words + *token, len - 2);
+ newlen = strlcat(buf, words + *token, len - 2);
+ if (newlen > len - 2)
+ newlen = len - 2;
+ cp = buf + newlen;
cp[0] = ' ';
cp[1] = '\0';
}
