[Bug 281160] [PATCH] mfiutil: Fix unsafe assumptions of snprintf(3) return value in function 'mfi_autolearn_period'
Date: Sat, 31 Aug 2024 11:10:01 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281160

            Bug ID: 281160
           Summary: [PATCH] mfiutil: Fix unsafe assumptions of snprintf(3) return value in function 'mfi_autolearn_period'
           Product: Base System
           Version: 15.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: msl0000023508@gmail.com

Created attachment 253207
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=253207&action=edit
mfiutil-8ee7bd9.diff

The snprintf(3) returns the number of characters that **would have been
written** if size is enough for the result. However, the code in question
dangerously assumed that truncation would never happen, by adjusting the
pointer 'tmp' and size 'sz' using snprintf(3) return value, without first
checking whether a truncation happened.

(why use snprintf(3) in the first place if a truncation will never happen?)

-- 
You are receiving this mail because:
You are the assignee for the bug.
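
The failure mode the report describes, as an added example (not code from mfiutil or from the attached patch): a checked append that advances the cursor only when the snprintf(3) return value shows the output fit, next to the wraparound that unchecked size arithmetic produces. The names append_fmt, format_period and unchecked_remaining are hypothetical, and a size_t remaining-size variable is assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append formatted text at *pos and advance the cursor
 * only when the whole result fit. Returns 0 on success, -1 on error or
 * truncation; the buffer is NUL-terminated in both cases. */
static int append_fmt(char **pos, size_t *left, const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(*pos, *left, fmt, ap);
	va_end(ap);
	/* n is the length the full output needs, not the bytes stored. */
	if (n < 0 || (size_t)n >= *left)
		return (-1);
	*pos += n;
	*left -= (size_t)n;
	return (0);
}

/* Format seconds as "D day(s), H hour(s)"; -1 when buf is too small. */
int format_period(unsigned int period, char *buf, size_t sz)
{
	unsigned int d = period / (24 * 3600);
	unsigned int h = (period % (24 * 3600)) / 3600;
	char *pos = buf;

	if (sz == 0)
		return (-1);
	if (d == 0 && h == 0)
		return (append_fmt(&pos, &sz, "less than 1 hour"));
	if (d != 0 && append_fmt(&pos, &sz, "%u day%s", d, d == 1 ? "" : "s"))
		return (-1);
	if (d != 0 && h != 0 && append_fmt(&pos, &sz, ", "))
		return (-1);
	if (h != 0 && append_fmt(&pos, &sz, "%u hour%s", h, h == 1 ? "" : "s"))
		return (-1);
	return (0);
}

/* What unchecked "sz -= n" bookkeeping leaves behind after a truncation
 * (assumes sz is a size_t): the subtraction wraps when n > sz. */
size_t unchecked_remaining(size_t sz, int n)
{
	return (sz - (size_t)n);
}
```
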