Use "%*s" when printing VERSION

The "%s" conversion specifier expects a NUL-terminated string. However, the VERSION variable does not contain a NUL-terminator, so formatting it using "%s" may lead to printing whatever happens to be in memory next to VERSION. Using "%*s" allows to specify how many characters to print, thus making sure we don't go off the array.
Yelp · Dec 1, 2020 · 7bb2fef · 7bb2fef
1 parent 2da4dc4
commit 7bb2fef
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/dumb-init.c b/dumb-init.c
@@ -126,7 +126,7 @@ void handle_signal(int signum) {
 
 void print_help(char *argv[]) {
     fprintf(stderr,
-        "dumb-init v%s"
+        "dumb-init v%*s"
         "Usage: %s [option] command [[arg] ...]\n"
         "\n"
         "dumb-init is a simple process supervisor that forwards signals to children.\n"
@@ -144,7 +144,7 @@ void print_help(char *argv[]) {
         "   -V, --version        Print the current version and exit.\n"
         "\n"
         "Full help is available online at https://github.com/Yelp/dumb-init\n",
-        VERSION,
+        VERSION_len, VERSION,
         argv[0]
     );
 }
@@ -199,7 +199,7 @@ char **parse_command(int argc, char *argv[]) {
                 debug = 1;
                 break;
             case 'V':
-                fprintf(stderr, "dumb-init v%s", VERSION);
+                fprintf(stderr, "dumb-init v%*s", VERSION_len, VERSION);
                 exit(0);
             case 'c':
                 use_setsid = 0;