Fix coverity defects: CID 147587

CID 147587: Out-of-bounds read

Future changes may cause an array overrun of 4096 bytes at byte
offset 4096 by dereferencing pointer dstp.  Adding this additional
check ensures correctness.

Reviewed-by: Chunwei Chen <david.chen@osnexus.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: GeLiXin <ge.lixin@zte.com.cn>
Closes #5297

diff --git a/cmd/zed/zed_event.c b/cmd/zed/zed_event.c
index 1a5f15ebfd944d0884960fe87181f7d790edbeb3..b289ebf22dcd6d0bc70756c672d8156342fdd9ca 100644 (file)
--- a/cmd/zed/zed_event.c
+++ b/cmd/zed/zed_event.c
@@ -264,6 +264,13 @@ _zed_event_add_var(uint64_t eid, zed_strings_t *zsp,
        *dstp++ = '=';
        buflen--;
 
+       if (buflen <= 0) {
+               errno = EMSGSIZE;
+               zed_log_msg(LOG_WARNING, "Failed to add %s for eid=%llu: %s",
+                   keybuf, eid, "Exceeded buffer size");
+               return (-1);
+       }
+
        va_start(vargs, fmt);
        n = vsnprintf(dstp, buflen, fmt, vargs);
        va_end(vargs);