[src/trunk]: src/sys/dev Avoid writing beyond the end of the buffer we were g...

[pgoyette <pgoyette%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/c432c4205587
branches:  trunk
changeset: 348557:c432c4205587
user:      pgoyette <pgoyette%NetBSD.org@localhost>
date:      Wed Oct 26 06:10:39 2016 +0000

description:
Avoid writing beyond the end of the buffer we were given.

This should actually cure the "stack overflow" reported earlier (and
was worked around by increasing the size of the buffer).

diffstat:

 sys/dev/dev_verbose.c |  10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diffs (34 lines):

diff -r 779ae19baabf -r c432c4205587 sys/dev/dev_verbose.c
--- a/sys/dev/dev_verbose.c     Wed Oct 26 03:55:56 2016 +0000
+++ b/sys/dev/dev_verbose.c     Wed Oct 26 06:10:39 2016 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dev_verbose.c,v 1.2 2016/02/03 05:29:43 christos Exp $ */
+/*     $NetBSD: dev_verbose.c,v 1.3 2016/10/26 06:10:39 pgoyette Exp $ */
 
 /*
  * Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dev_verbose.c,v 1.2 2016/02/03 05:29:43 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dev_verbose.c,v 1.3 2016/10/26 06:10:39 pgoyette Exp $");
 
 #include <sys/param.h>
 
@@ -41,10 +41,14 @@
     size_t len)
 {
        char *cp = buf;
+       size_t newlen;
 
        buf[0] = '\0';
        for (; *token != 0; token++) {
-               cp = buf + strlcat(buf, words + *token, len - 2);
+               newlen = strlcat(buf, words + *token, len - 2);
+               if (newlen > len - 2)
+                       newlen = len - 2;
+               cp = buf + newlen;
                cp[0] = ' ';
                cp[1] = '\0';
        }