[src/trunk]: src/sys/dev Avoid writing beyond the end of the buffer we were g...

[pgoyette <pgoyette%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/c9303871086a
branches:  trunk
changeset: 818699:c9303871086a
user:      pgoyette <pgoyette%NetBSD.org@localhost>
date:      Wed Oct 26 06:10:39 2016 +0000

description:
Avoid writing beyond the end of the buffer we were given.

This should actually cure the "stack overflow" reported earlier (and
was worked around by increasing the size of the buffer).

diffstat:

 sys/dev/dev_verbose.c |  10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diffs (34 lines):

diff -r 968834a9a82e -r c9303871086a sys/dev/dev_verbose.c
--- a/sys/dev/dev_verbose.c     Wed Oct 26 03:55:56 2016 +0000
+++ b/sys/dev/dev_verbose.c     Wed Oct 26 06:10:39 2016 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dev_verbose.c,v 1.2 2016/02/03 05:29:43 christos Exp $ */
+/*     $NetBSD: dev_verbose.c,v 1.3 2016/10/26 06:10:39 pgoyette Exp $ */
 
 /*
  * Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dev_verbose.c,v 1.2 2016/02/03 05:29:43 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dev_verbose.c,v 1.3 2016/10/26 06:10:39 pgoyette Exp $");
 
 #include <sys/param.h>
 
@@ -41,10 +41,14 @@
     size_t len)
 {
        char *cp = buf;
+       size_t newlen;
 
        buf[0] = '\0';
        for (; *token != 0; token++) {
-               cp = buf + strlcat(buf, words + *token, len - 2);
+               newlen = strlcat(buf, words + *token, len - 2);
+               if (newlen > len - 2)
+                       newlen = len - 2;
+               cp = buf + newlen;
                cp[0] = ' ';
                cp[1] = '\0';
        }