git: 932c2667d9bc - main - systat: fix stack overflow when running -iostat

From: Mateusz Guzik <mjg_at_FreeBSD.org>
Date: Mon, 01 Nov 2021 23:59:12 UTC
The branch main has been updated by mjg:

URL: https://cgit.FreeBSD.org/src/commit/?id=932c2667d9bca62ad5f03757775ebe8aa743cfd8

commit 932c2667d9bca62ad5f03757775ebe8aa743cfd8
Author:     Mateusz Guzik <mjg@FreeBSD.org>
AuthorDate: 2021-11-01 23:55:47 +0000
Commit:     Mateusz Guzik <mjg@FreeBSD.org>
CommitDate: 2021-11-01 23:57:27 +0000

    systat: fix stack overflow when running -iostat
    
    The new buffer is arbitrarily sized to likely "big enough".
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 usr.bin/systat/iostat.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/usr.bin/systat/iostat.c b/usr.bin/systat/iostat.c
index 8767a046d81a..e3d577507e08 100644
--- a/usr.bin/systat/iostat.c
+++ b/usr.bin/systat/iostat.c
@@ -185,7 +185,7 @@ static int
 numlabels(int row)
 {
 	int i, _col, regions, ndrives;
-	char tmpstr[10];
+	char tmpstr[32];
 
 #define COLWIDTH	17
 #define DRIVESPERLINE	((getmaxx(wnd) - 1 - INSET) / COLWIDTH)
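Review bot: The size in `char tmpstr[32];` is a bare number with no stated relation to what gets formatted into it, and the commit message itself calls it arbitrary. If `device_name` is the `DEVSTAT_NAME_LEN`-bounded array from libdevstat's `struct device_selection` (its declaration is not visible in this diff, so confirm), the worst case for `"%s%d"` is the name plus at most 11 characters of int plus the terminator. A comment such as `/* device_name (< DEVSTAT_NAME_LEN) + "%d" of an int (<= 11 chars) + NUL */`, or a size written in terms of that constant, would let a reader check the bound instead of trusting it. The same applies to the identical declaration in barlabels() in the third hunk; numlabels() continues past the end of this hunk.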
@@ -211,7 +211,7 @@ numlabels(int row)
 				if (row > getmaxy(wnd) - 1 - (linesperregion + 1))
 					break;
 			}
-			sprintf(tmpstr, "%s%d", dev_select[i].device_name,
+			snprintf(tmpstr, sizeof(tmpstr), "%s%d", dev_select[i].device_name,
 				dev_select[i].unit_number);
 			mvwaddstr(wnd, row, _col + 4, tmpstr);
 			mvwaddstr(wnd, row + 1, _col, "  KB/t tps  MB/s ");
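Review bot: The label drawn by `mvwaddstr(wnd, row, _col + 4, tmpstr);` can now be up to 31 characters, where the old buffer could only legitimately hold 9. Each drive column is COLWIDTH (17) cells wide, so a long name-plus-unit string would presumably spill into the neighbouring drive's header; how `_col` advances is outside this hunk, so this is inferred. Bounding the draw to the cells left in the column, e.g. `mvwaddnstr(wnd, row, _col + 4, tmpstr, COLWIDTH - 4);`, would keep the layout intact. The snprintf() return value is also discarded, so a truncated label would be displayed without any indication.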
@@ -226,7 +226,7 @@ static int
 barlabels(int row)
 {
 	int i;
-	char tmpstr[10];
+	char tmpstr[32];
 
 	mvwaddstr(wnd, row++, INSET,
 	    "/0%  /10  /20  /30  /40  /50  /60  /70  /80  /90  /100");
@@ -235,7 +235,7 @@ barlabels(int row)
 		if (dev_select[i].selected) {
 			if (row > getmaxy(wnd) - 1 - linesperregion)
 				break;
-			sprintf(tmpstr, "%s%d", dev_select[i].device_name,
+			snprintf(tmpstr, sizeof(tmpstr), "%s%d", dev_select[i].device_name,
 				dev_select[i].unit_number);
 			mvwprintw(wnd, row++, 0, "%-5.5s MB/s|",
 				  tmpstr);
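Review bot: The rewritten call `snprintf(tmpstr, sizeof(tmpstr), "%s%d", dev_select[i].device_name,` runs well past 80 columns at three tabs of indentation, both here and in the matching line of the numlabels() hunk. Breaking after the format string, with `dev_select[i].device_name,` and `dev_select[i].unit_number);` on continuation lines, keeps it within the usual line limit. Separately, `"%-5.5s"` shows only the first five characters of the label, so truncation by snprintf() cannot change what is displayed at this call site. A short comment saying so would explain why the return value is deliberately ignored. barlabels() continues outside this hunk.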