top: be more careful with memcpy length specifications

Using 'mempcpy' was a mistake where plain old 'memcpy' was appropriate. More importantly, the careless length specified resulted in a SEGV under some circumstances. [ namely, it occurred under a multi-threaded top and ] [ the top program itself as focus + CtrlN 'environ'. ] Signed-off-by: Jim Warner <james.warner@comcast.net>
2022-05-17 00:00:00 -05:00 · 2022-05-17 00:00:00 -05:00 · c00d09edf1
commit c00d09edf1
parent 73b4f1134f
1 changed files with 10 additions and 3 deletions
--- a/top/top.c
+++ b/top/top.c
@ -4933,8 +4933,12 @@ static int bot_focus_str (const char *hdr, const char *str) {
   int n, x;

   if (str) {
+      // we're a little careless with overhead here (it's a one time cost)
+      memset(Bot_buf, '\0', sizeof(Bot_buf));
+      n = strlen(str);
+      if (n >= sizeof(Bot_buf)) n = sizeof(Bot_buf) - 1;
      if (!*str || !strcmp(str, "-")) strcpy(Bot_buf, "n/a");
-      else memccpy(Bot_buf, str, '\0', sizeof(Bot_buf) - 1);
+      else memccpy(Bot_buf, str, '\0', n);
      Bot_rsvd = 1 + BOT_RSVD + (strlen(Bot_buf) / Screen_cols);
      if (Bot_rsvd > maxRSVD) Bot_rsvd = maxRSVD;
      // caller itself may have used fmtmk, so we'll old school it ...
@ -4975,8 +4979,11 @@ static int bot_focus_strv (const char *hdr, const char **strv) {
   int i, n, x;

   if (strv) {
-      // we won't worry about picking up some trailing garbage ...
-      mempcpy(Bot_buf, strv[0], sizeof(Bot_buf));
+      // we're a little careless with overhead here (it's a one time cost)
+      memset(Bot_buf, '\0', sizeof(Bot_buf));
+      n = (void*)&strv[0] - (void*)strv[0];
+      if (n >= sizeof(Bot_buf)) n = sizeof(Bot_buf) - 1;
+      memcpy(Bot_buf, strv[0], n);
      for (nsav= 0, p = Bot_buf; strv[nsav] != NULL; nsav++) {
         p += strlen(strv[nsav]) + 1;
         if ((p - Bot_buf) >= sizeof(Bot_buf))