From c00d09edf182e65105f2f5090342b3d0fddd4b12 Mon Sep 17 00:00:00 2001
From: Jim Warner
Date: Tue, 17 May 2022 00:00:00 -0500
Subject: [PATCH] top: be more careful with memcpy length specifications
Using 'mempcpy' was a mistake where plain old 'memcpy' was appropriate. More importantly, the careless length specified resulted in a SEGV under some circumstances.
[ namely, it occurred under a multi-threaded top and ]
[ the top program itself as focus + CtrlN 'environ'. ]
Signed-off-by: Jim Warner
---
 top/top.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/top/top.c b/top/top.c
index 6603f222..87ba96e7 100644
--- a/top/top.c
+++ b/top/top.c
@@ -4933,8 +4933,12 @@ static int bot_focus_str (const char *hdr, const char *str) {
 int n, x;
 if (str) {
+ // we're a little careless with overhead here (it's a one time cost)
+ memset(Bot_buf, '\0', sizeof(Bot_buf));
+ n = strlen(str);
+ if (n >= sizeof(Bot_buf)) n = sizeof(Bot_buf) - 1;
 if (!*str || !strcmp(str, "-")) strcpy(Bot_buf, "n/a");
- else memccpy(Bot_buf, str, '\0', sizeof(Bot_buf) - 1);
+ else memccpy(Bot_buf, str, '\0', n);
 Bot_rsvd = 1 + BOT_RSVD + (strlen(Bot_buf) / Screen_cols);
 if (Bot_rsvd > maxRSVD) Bot_rsvd = maxRSVD;
 // caller itself may have used fmtmk, so we'll old school it ...
@@ -4975,8 +4979,11 @@ static int bot_focus_strv (const char *hdr, const char **strv) {
 int i, n, x;
 if (strv) {
- // we won't worry about picking up some trailing garbage ...
- mempcpy(Bot_buf, strv[0], sizeof(Bot_buf));
+ // we're a little careless with overhead here (it's a one time cost)
+ memset(Bot_buf, '\0', sizeof(Bot_buf));
+ n = (void*)&strv[0] - (void*)strv[0];
+ if (n >= sizeof(Bot_buf)) n = sizeof(Bot_buf) - 1;
+ memcpy(Bot_buf, strv[0], n);
 for (nsav= 0, p = Bot_buf; strv[nsav] != NULL; nsav++) {
 p += strlen(strv[nsav]) + 1;
 if ((p - Bot_buf) >= sizeof(Bot_buf))
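Review bot: In bot_focus_str the new `memccpy(Bot_buf, str, '\0', n)` can never reach the terminator, because `n` is at most `strlen(str)`; it acts as a plain bounded copy, and Bot_buf ends up NUL-terminated only because of the `memset` added above it. Writing that dependency down would keep a later edit from dropping the memset: `else memcpy(Bot_buf, str, n);  // Bot_buf zeroed above, so the copy stays terminated`. `n` is an `int` that receives a `size_t` and is then compared with `sizeof(Bot_buf)`, so a `size_t` local for the length would avoid the mixed-sign comparison. The function body starts and ends outside this hunk.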
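Review bot: The copy length in bot_focus_strv, `n = (void*)&strv[0] - (void*)strv[0];`, is taken from the distance between the pointer vector and the first string rather than from the strings, so it is right only if the caller stores the strings directly below the vector, which nothing in the hunk states or checks. If that layout does not hold, the difference is negative or large, the unsigned comparison clamps it to `sizeof(Bot_buf) - 1`, and `memcpy` can read past the end of the source, which is the class of over-read this commit sets out to fix; a vector whose first entry is NULL would also reach `memcpy` with a NULL source. Arithmetic on `void*` is a GNU extension as well. Summing the string lengths, as below, removes the layout dependence while still assuming the strings are packed back to back from `strv[0]`, which the walk that follows already relies on. The old side did not set `n` here, and the function continues outside the hunk.

```c
      memset(Bot_buf, '\0', sizeof(Bot_buf));
      // length comes from the strings themselves, not from where the vector lives
      size_t tot = 0;
      for (i = 0; strv[i] != NULL && tot < sizeof(Bot_buf) - 1; i++)
         tot += strlen(strv[i]) + 1;
      if (tot > sizeof(Bot_buf) - 1) tot = sizeof(Bot_buf) - 1;
      if (tot) memcpy(Bot_buf, strv[0], tot);
      // … unchanged: nsav/p walk over strv …
```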