vmstat: Prevent out-of-bounds writes in new_header() and diskheader().

This does not happen with the default string (" -----timestamp-----"),
but this string is translated (to unknown lengths).

diff --git a/vmstat.c b/vmstat.c
index 837244ac836b1516d18db15d5be223dd09a8aed8..e0fe5f604a8491f68b8fa8246e2697a7b4f2a355 100644 (file)
--- a/vmstat.c
+++ b/vmstat.c
@@ -256,7 +256,10 @@ static void new_header(void)
                (void) time( &the_time );
                tm_ptr = localtime( &the_time );
                if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
-                       timebuf[strlen(timestamp_header) - 1] = '\0';
+                       const size_t len = strlen(timestamp_header);
+                       if (len >= 1 && len - 1 < sizeof(timebuf)) {
+                               timebuf[len - 1] = '\0';
+                       }
                } else {
                        timebuf[0] = '\0';
                }
@@ -566,7 +569,10 @@ static void diskheader(void)
                (void) time( &the_time );
                tm_ptr = localtime( &the_time );
                if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
-                       timebuf[strlen(timestamp_header) - 1] = '\0';
+                       const size_t len = strlen(timestamp_header);
+                       if (len >= 1 && len - 1 < sizeof(timebuf)) {
+                               timebuf[len - 1] = '\0';
+                       }
                } else {
                        timebuf[0] = '\0';
                }