Fix potential buffer overrun in snprintf() calls

When consecutively printing into the same buffer at increasing offset,
reduce buffer size passed to snprintf() to not defeat its size checking.

Signed-off-by: Phil Sutter <phil@nwl.cc>

2 files changed, 3 insertions, 3 deletions

diff --git a/src/process.c b/src/process.c
index 3ddad5f..08598ee 100644
--- a/src/process.c
+++ b/src/process.c
@@ -84,7 +84,7 @@ void fork_process_dump(int fd)
 	int size = 0;
 
 	list_for_each_entry(this, &process_list, head) {
-		size += snprintf(buf+size, sizeof(buf),
+		size += snprintf(buf + size, sizeof(buf) - size,
 				 "PID=%u type=%s\n",
 				 this->pid,
 				 this->type < CTD_PROC_MAX ?
diff --git a/src/queue.c b/src/queue.c
index 76425b1..e94dc7c 100644
--- a/src/queue.c
+++ b/src/queue.c
@@ -69,12 +69,12 @@ void queue_stats_show(int fd)
 	int size = 0;
 	char buf[512];
 
-	size += snprintf(buf+size, sizeof(buf),
+	size += snprintf(buf + size, sizeof(buf) - size,
 			 "allocated queue nodes:\t\t%12u\n\n",
 			 qobjects_num);
 
 	list_for_each_entry(this, &queue_list, list) {
-		size += snprintf(buf+size, sizeof(buf),
+		size += snprintf(buf + size, sizeof(buf) - size,
 				 "queue %s:\n"
 				 "current elements:\t\t%12u\n"
 				 "maximum elements:\t\t%12u\n"