Fix potential buffer overflow in build_pt_list_cb

Spotted by: Coverity

Fix potential buffer overflow in build_pt_list_cb
Spotted by: Coverity
ad86d5ba · Martin Blix Grydeland · 00762b59 · ad86d5ba
Commit ad86d5ba authored Oct 01, 2013 by Martin Blix Grydeland
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 6 deletions

varnishstat_curses.c bin/varnishstat/varnishstat_curses.c +7 -6

No files found.
--- a/bin/varnishstat/varnishstat_curses.c
+++ b/bin/varnishstat/varnishstat_curses.c
@@ -258,6 +258,7 @@ build_pt_list_cb(void *priv, const struct VSC_point *vpt)
 	struct pt_priv *pt_priv;
 	struct pt *pt;
 	char buf[128];
+	size_t l;

 	if (vpt == NULL)
 		return (0);
@@ -290,16 +291,17 @@ build_pt_list_cb(void *priv, const struct VSC_point *vpt)
 	pt->key = strdup(buf);
 	AN(pt->key);

+	l = sizeof buf;
 	*buf = '\0';
 	if (strcmp(vpt->section->type, "")) {
-		strcat(buf, vpt->section->type);
-		strcat(buf, ".");
+		strncat(buf, vpt->section->type, sizeof buf - strlen(buf) - 1);
+		strncat(buf, ".", sizeof buf - strlen(buf) - 1);
 	}
 	if (strcmp(vpt->section->ident, "")) {
-		strcat(buf, vpt->section->ident);
-		strcat(buf, ".");
+		strncat(buf, vpt->section->ident, sizeof buf - strlen(buf) - 1);
+		strncat(buf, ".", sizeof buf - strlen(buf) - 1);
 	}
-	strcat(buf, vpt->desc->name);
+	strncat(buf, vpt->desc->name, sizeof buf - strlen(buf) - 1);
 	pt->name = strdup(buf);
 	AN(pt->name);

@@ -667,7 +669,6 @@ draw_line_bitmap(WINDOW *w, int y, int x, int X, struct pt *pt)
 			}
 			break;
 		default:
-			x += COLW;
 			break;
 		}
 		col++;