Index: usr.sbin/kldxref/kldxref.c
===================================================================
--- usr.sbin/kldxref/kldxref.c
+++ usr.sbin/kldxref/kldxref.c
@@ -237,12 +237,16 @@
 struct pnp_elt *elt;
 char *nd;
 char type[8], key[32];
+ char buf[1024];
+ size_t ndspace;
 int off;
 walker = desc;
 ep = desc + strlen(desc);
 off = 0;
- nd = *new_desc = malloc(strlen(desc) + 1);
+ nd = buf;
+ ndspace = sizeof(buf);
+ nd[0] = '\0';
 if (verbose > 1)
 printf("Converting %s into a list\n", desc);
 while (walker < ep) {
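Review bot: `char buf[1024]` makes 1024 bytes a hard limit on the converted description, and nothing at the declaration says why that size was chosen or that exceeding it is fatal (the errx() calls in the second hunk). A comment on the declaration, e.g. `/* Converted list is built here; running out of space is fatal, see the errx() calls below. */`, or a named constant for the size, would let the next reader judge whether the cap is adequate. The removed `malloc(strlen(desc) + 1)` sized the output from the input length, which presumably was too small once each key is expanded to `%c:%s;`; that reasoning is worth recording next to the new buffer. The function starts before and continues after this hunk.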
@@ -336,42 +340,52 @@
 off = elt->pe_offset + sizeof(void *);
 }
 if (elt->pe_kind & TYPE_PAIRED) {
- char *word, *ctx;
+ char *word, *ctx, type;
+ int n;
 for (word = strtok_r(key, "/", &ctx); word; word = strtok_r(NULL, "/", &ctx)) {
- sprintf(nd, "%c:%s;", elt->pe_kind & TYPE_FLAGGED ? 'J' : 'I',
- word);
- nd += strlen(nd);
+ type = elt->pe_kind & TYPE_FLAGGED ? 'J' : 'I';
+ n = snprintf(nd, ndspace, "%c:%s;", type, word);
+ if (n >= ndspace)
+ errx(1, "Exhausted space converting "
+ "description %s", desc);
+ nd += n;
+ ndspace -= n;
 }
 } else {
+ char type;
+ int n;
+
 if (elt->pe_kind & TYPE_FLAGGED)
- *nd++ = 'J';
+ type = 'J';
 else if (elt->pe_kind & TYPE_GE)
- *nd++ = 'G';
+ type = 'G';
 else if (elt->pe_kind & TYPE_LE)
- *nd++ = 'L';
+ type = 'L';
 else if (elt->pe_kind & TYPE_MASK)
- *nd++ = 'M';
+ type = 'M';
 else if (elt->pe_kind & TYPE_INT)
- *nd++ = 'I';
+ type = 'I';
 else if (elt->pe_kind == TYPE_D)
- *nd++ = 'D';
+ type = 'D';
 else if (elt->pe_kind == TYPE_Z || elt->pe_kind == TYPE_E)
- *nd++ = 'Z';
+ type = 'Z';
 else if (elt->pe_kind == TYPE_T)
- *nd++ = 'T';
+ type = 'T';
 else
 errx(1, "Impossible type %x\n", elt->pe_kind);
- *nd++ = ':';
- strcpy(nd, key);
- nd += strlen(nd);
- *nd++ = ';';
+ n = snprintf(nd, ndspace, "%c:%s;", type, key);
+ if (n >= ndspace)
+ errx(1, "Exhausted space converting "
+ "description %s", desc);
+ nd += n;
+ ndspace -= n;
 }
 }
- *nd++ = '\0';
+ *new_desc = strdup(buf);
 return (0);
 err:
 errx(1, "Parse error of description string %s", desc);
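Review bot: The result of `strdup(buf)` near the end of the hunk is stored in `*new_desc` and the function returns 0 without checking it, so an allocation failure reaches the caller as success with a NULL description; add `if (*new_desc == NULL) err(1, "strdup");` before `return (0);`. Both bounds checks compare the `int` returned by snprintf() with the `size_t` `ndspace`: a negative return does convert to a large unsigned value and trips the check, but only as a side effect and with a misleading message, so `if (n < 0 || (size_t)n >= ndspace)` states the intent and avoids the sign-compare warning. The block-local `char type` added in both branches also appears to shadow the `char type[8]` declared in the first hunk; a distinct name would keep -Wshadow quiet and avoid confusion with the array. The enclosing function starts and ends outside this hunk.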