kdb: Fix buffer overflow during tab-complete
[linux-2.6-block.git] / kernel / debug / kdb / kdb_io.c
index 9443bc63c5a245548a1390ee85dd096091649607..06dfbccb103368a240a1725591778da07bc4c88b 100644 (file)
@@ -367,14 +367,19 @@ poll_again:
                        kdb_printf(kdb_prompt_str);
                        kdb_printf("%s", buffer);
                } else if (tab != 2 && count > 0) {
-                       len_tmp = strlen(p_tmp);
-                       strncpy(p_tmp+len_tmp, cp, lastchar-cp+1);
-                       len_tmp = strlen(p_tmp);
-                       strncpy(cp, p_tmp+len, len_tmp-len + 1);
-                       len = len_tmp - len;
-                       kdb_printf("%s", cp);
-                       cp += len;
-                       lastchar += len;
+                       /* How many new characters do we want from tmpbuffer? */
+                       len_tmp = strlen(p_tmp) - len;
+                       if (lastchar + len_tmp >= bufend)
+                               len_tmp = bufend - lastchar;
+
+                       if (len_tmp) {
+                               /* + 1 ensures the '\0' is memmove'd */
+                               memmove(cp+len_tmp, cp, (lastchar-cp) + 1);
+                               memcpy(cp, p_tmp+len, len_tmp);
+                               kdb_printf("%s", cp);
+                               cp += len_tmp;
+                               lastchar += len_tmp;
+                       }
                }
                kdb_nextline = 1; /* reset output line number */
                break;
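Review bot: The guard `if (len_tmp)` in the added block only rejects zero, so a negative count would still reach `memmove()` and `memcpy()`, where it converts to a very large size. If `len_tmp` is a signed int (its declaration is outside this hunk), that happens whenever `lastchar` is already past `bufend`, or whenever `strlen(p_tmp)` is smaller than `len`. Writing the guard as `if (len_tmp > 0) {` closes both cases at no cost. Separately, the clamp permits `lastchar + len_tmp == bufend`, so the `+ 1` in the `memmove()` writes the terminator at `bufend` itself. That is only in bounds if `bufend` is set up to leave room for it, which happens outside this hunk along with the rest of the enclosing function, so a short comment on the clamp stating that assumption would help.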