top: be more careful with memcpy length specifications <=== port of newlib c00d09ed

______________________________ original newlib message

Using 'mempcpy' was a mistake where plain old 'memcpy'
was appropriate. More importantly, the careless length
specified resulted in a SEGV under some circumstances.

[ namely, it occurred under a multi-threaded top and ]
[ the top program itself as focus + CtrlN 'environ'. ]

Signed-off-by: Jim Warner <james.warner@comcast.net>

1 files changed, 10 insertions, 3 deletions

diff --git a/top/top.c b/top/top.c
index 7e4de53..49016f4 100644
--- a/top/top.c
+++ b/top/top.c
@@ -5116,8 +5116,12 @@ static int bot_focus_str (const char *hdr, const char *str) {
    int n, x;
 
    if (str) {
+      // we're a little careless with overhead here (it's a one time cost)
+      memset(Bot_buf, '\0', sizeof(Bot_buf));
+      n = strlen(str);
+      if (n >= sizeof(Bot_buf)) n = sizeof(Bot_buf) - 1;
       if (!*str || !strcmp(str, "-")) strcpy(Bot_buf, "n/a");
-      else memccpy(Bot_buf, str, '\0', sizeof(Bot_buf) - 1);
+      else memccpy(Bot_buf, str, '\0', n);
       Bot_rsvd = 1 + BOT_RSVD + (strlen(Bot_buf) / Screen_cols);
       if (Bot_rsvd > maxRSVD) Bot_rsvd = maxRSVD;
       // caller itself may have used fmtmk, so we'll old school it ...
@@ -5158,8 +5162,11 @@ static int bot_focus_strv (const char *hdr, const char **strv) {
    int i, n, x;
 
    if (strv) {
-      // we won't worry about picking up some trailing garbage ...
-      mempcpy(Bot_buf, strv[0], sizeof(Bot_buf));
+      // we're a little careless with overhead here (it's a one time cost)
+      memset(Bot_buf, '\0', sizeof(Bot_buf));
+      n = (void*)&strv[0] - (void*)strv[0];
+      if (n >= sizeof(Bot_buf)) n = sizeof(Bot_buf) - 1;
+      memcpy(Bot_buf, strv[0], n);
       for (nsav= 0, p = Bot_buf; strv[nsav] != NULL; nsav++) {
          p += strlen(strv[nsav]) + 1;
          if ((p - Bot_buf) >= sizeof(Bot_buf))