From nobody@FreeBSD.org  Thu Apr 24 11:33:24 2014
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id E151B156
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 24 Apr 2014 11:33:24 +0000 (UTC)
Received: from cgiserv.freebsd.org (cgiserv.freebsd.org [IPv6:2001:1900:2254:206a::50:4])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id CEC861C3E
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 24 Apr 2014 11:33:24 +0000 (UTC)
Received: from cgiserv.freebsd.org ([127.0.1.6])
	by cgiserv.freebsd.org (8.14.8/8.14.8) with ESMTP id s3OBXNsD004521
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 24 Apr 2014 11:33:23 GMT
	(envelope-from nobody@cgiserv.freebsd.org)
Received: (from nobody@localhost)
	by cgiserv.freebsd.org (8.14.8/8.14.8/Submit) id s3OBXNv5004511;
	Thu, 24 Apr 2014 11:33:23 GMT
	(envelope-from nobody)
Message-Id: <201404241133.s3OBXNv5004511@cgiserv.freebsd.org>
Date: Thu, 24 Apr 2014 11:33:23 GMT
From: Henning Petersen <henning.petersen@t-online.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Undefined behavior at line 135 in part_wizard.c (snprintf).
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         188951
>Category:       bin
>Synopsis:       bsdinstall(8): [patch] Undefined behavior at line 135 in part_wizard.c (snprintf).
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 24 11:40:00 UTC 2014
>Closed-Date:    
>Last-Modified:  Sat Apr 26 01:28:18 UTC 2014
>Originator:     Henning Petersen
>Release:        FreeBSD-current
>Organization:
>Environment:
>Description:
Undefined behavior in snprintf found by cppcheck.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

--- usr.sbin/bsdinstall/partedit/part_wizard.c	(revision 264867)
+++ usr.sbin/bsdinstall/partedit/part_wizard.c	(working copy)
@@ -130,9 +130,13 @@
 				else
 					strcat(diskdesc, " Disk");
 
-				if (desc != NULL)
-					snprintf(diskdesc, sizeof(diskdesc),
-					    "%s <%s>", diskdesc, desc);
+				if (desc != NULL) {
+					size_t len;
+					len = strlen(diskdesc);
+					snprintf(diskdesc + len,
+						 sizeof(diskdesc) - len,
+					    " <%s>", desc);
+				}
 
 				disks[n-1].text = strdup(diskdesc);
 				disks[n-1].help = NULL;


>Release-Note:
>Audit-Trail:
>Unformatted:
