From: Sebastien Godard Date: Tue, 24 May 2011 11:46:17 +0000 (+0200) Subject: sar and pidstat: Check that _("Average") string doesn't exceed X-Git-Tag: v10.0.1~5 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a7ae5a673a10e329315bd10f9b9e51d2a9d22369;p=sysstat sar and pidstat: Check that _("Average") string doesn't exceed the size of the timestamp buffer. One could find something like: strcpy(string, _("Average")); in pidstat.c and sar.c. Yet, we don't know whether the translation message for "Average" will fit in target string buffer. Hence we replaced the previous expression with something like: strncpy(string, _("Average"), length_of_string_buffer); string[lenght_of_string_buffer - 1] = '\0'; --- diff --git a/CHANGES b/CHANGES index 864f1ca..e2500d1 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,8 @@ xxxx/xx/xx: Version 10.0.1 - Sebastien Godard (sysstat orange.fr) * sar: Decrease column width for sensor device name (temperature, voltage inputs and fans statistics). * Remove unnecessary arguments from functions in pr_stats.c. + * sar and pidstat: Check that _("Average") string doesn't exceed + the size of the timestamp buffer. * [Ivana Varekova]: Added option -h to iostat. This option makes the device utilization report easier to read with long device names. diff --git a/pidstat.c b/pidstat.c index 672c848..02ce4d3 100644 --- a/pidstat.c +++ b/pidstat.c @@ -1816,7 +1816,8 @@ void write_stats_avg(int curr, int dis) { char string[16]; - strcpy(string, _("Average:")); + strncpy(string, _("Average:"), 16); + string[15] = '\0'; write_stats_core(2, curr, dis, TRUE, string, string); } diff --git a/sar.c b/sar.c index 75df408..07fca43 100644 --- a/sar.c +++ b/sar.c @@ -378,7 +378,8 @@ void write_stats_avg(int curr, int read_from_file, unsigned int act_id) else itv = g_itv; - strcpy(timestamp[curr], _("Average:")); + strncpy(timestamp[curr], _("Average:"), TIMESTAMP_LEN); + timestamp[curr][TIMESTAMP_LEN - 1] = '\0'; strcpy(timestamp[!curr], timestamp[curr]); /* Test stdout */