On Mon, 2022-08-29 at 12:17 -0500, Benjamin Marzinski wrote: > The code to build the command string calls snprintf() in a loop, > adding > the return value to the start pointer, c. Since snprintf() can return > more characters than it actually printed if it runs out of space, c > can > end up pointing past the end of the command string buffer on > sebsequent > loops. Since the size argument to snprintf() is unsigned, after an > overflow it will be a huge number, instead of a negative one, meaning > that it will continue printing past the end of the buffer. Check for > overflow after each snprintf() to avoid this. > > Signed-off-by: Benjamin Marzinski <bmarzins@xxxxxxxxxx> Reviewed-by: Martin Wilck <mwilck@xxxxxxxx> -- dm-devel mailing list dm-devel@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/dm-devel
