0125-vmstat: Prevent out-of-bounds writes in new_header() and diskheader().

This does not happen with the default string (" -----timestamp-----"),
but this string is translated (to unknown lengths).

Signed-off-by: Craig Small <csmall@enc.com.au>

diff --git a/vmstat.c b/vmstat.c
index 6eaf73660a51eea3ddd8ef3fbf7b7aa6a8523467..b46812a2cacfe28aea40e81cd5e1b503e667de35 100644 (file)
--- a/vmstat.c
+++ b/vmstat.c
@@ -303,7 +303,10 @@ static void new_header(void)
         (void) time( &the_time );
         tm_ptr = localtime( &the_time );
                if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
-            timebuf[strlen(timestamp_header) - 1] = '\0';
+                       const size_t len = strlen(timestamp_header);
+                       if (len >= 1 && len - 1 < sizeof(timebuf)) {
+                               timebuf[len - 1] = '\0';
+                       }
         } else {
             timebuf[0] = '\0';
         }
@@ -617,7 +620,10 @@ static void diskheader(void)
         (void) time( &the_time );
         tm_ptr = localtime( &the_time );
                if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
-            timebuf[strlen(timestamp_header) - 1] = '\0';
+                       const size_t len = strlen(timestamp_header);
+                       if (len >= 1 && len - 1 < sizeof(timebuf)) {
+                               timebuf[len - 1] = '\0';
+                       }
         } else {
             timebuf[0] = '\0';
         }