From 0bfe708c4b22d901ded1148e5771946568817326 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] vmstat: Prevent out-of-bounds writes in new_header() and diskheader().

This does not happen with the default string (" -----timestamp-----"), but this string is translated (to unknown lengths).
---
 vmstat.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/vmstat.c b/vmstat.c
index 837244ac..e0fe5f60 100644
--- a/vmstat.c
+++ b/vmstat.c
@@ -256,7 +256,10 @@ static void new_header(void)
 (void) time( &the_time );
 tm_ptr = localtime( &the_time );
 if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
- timebuf[strlen(timestamp_header) - 1] = '\0';
+ const size_t len = strlen(timestamp_header);
+ if (len >= 1 && len - 1 < sizeof(timebuf)) {
+ timebuf[len - 1] = '\0';
+ }
 } else {
 timebuf[0] = '\0';
 }
@@ -566,7 +569,10 @@ static void diskheader(void)
 (void) time( &the_time );
 tm_ptr = localtime( &the_time );
 if (tm_ptr && strftime(timebuf, sizeof(timebuf), "%Z", tm_ptr)) {
- timebuf[strlen(timestamp_header) - 1] = '\0';
+ const size_t len = strlen(timestamp_header);
+ if (len >= 1 && len - 1 < sizeof(timebuf)) {
+ timebuf[len - 1] = '\0';
+ }
 } else {
 timebuf[0] = '\0';
 }
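Review bot: The new guard in new_header() silently skips the truncation when the translated `timestamp_header` is empty or longer than `timebuf`, and nothing in the hunk says why that is safe; the identical guard in diskheader() has the same gap. A comment above the inner `if` would record it, for example `/* timestamp_header is translated, so its length is untrusted; if it does not fit, keep the NUL strftime() already wrote */`. Testing `len >= 1` before evaluating `len - 1` is what keeps the `size_t` subtraction from wrapping, so the order of the two conditions should not be changed in later edits. `sizeof(timebuf)` is a valid bound only if `timebuf` is an array in this scope; its declaration and the rest of both functions lie outside the hunks, so that should be confirmed there. Because the two added blocks are identical, a small static helper taking the buffer and its size would keep the two checks from drifting apart.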