diff options
author | Elliott Mitchell <ehem+freebsd@m5p.com> | 2022-11-26 16:21:33 +0000 |
---|---|---|
committer | Konstantin Belousov <kib@FreeBSD.org> | 2023-01-20 02:51:13 +0000 |
commit | e5c30ac93055e708e26e075937263608b3eeb17d (patch) | |
tree | 45f64ae2308bc263b7777d2f42d54d748e47bb89 | |
parent | d4d79718496753493f059cb8f2b2e87e0b7019b0 (diff) | |
download | src-e5c30ac93055e708e26e075937263608b3eeb17d.tar.gz src-e5c30ac93055e708e26e075937263608b3eeb17d.zip |
vmstat: fix overflow of interrupt name buffer
sysctl() provides a count of number of bytes in the buffer. That is the
actual buffer length. Whereas looking for an interrupt entry with an
empty name could terminate too early, or overflow the end of the buffer.
The overflow will occur if the table of interrupt names is full.
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36628
-rw-r--r-- | usr.bin/vmstat/vmstat.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr.bin/vmstat/vmstat.c b/usr.bin/vmstat/vmstat.c index 07988da9d99d..d007d4f6098f 100644 --- a/usr.bin/vmstat/vmstat.c +++ b/usr.bin/vmstat/vmstat.c @@ -1349,7 +1349,7 @@ dointr(unsigned int interval, int reps) /* Determine the length of the longest interrupt name */ intrname = intrnames; istrnamlen = strlen("interrupt"); - while(*intrname != '\0') { + while (intrname < intrnames + inamlen) { clen = strlen(intrname); if (clen > istrnamlen) istrnamlen = clen; |