From 7bb2fef0e244220cc3f0f1dfc4317297f158b943 Mon Sep 17 00:00:00 2001
From: suve
Date: Tue, 1 Dec 2020 19:59:14 +0100
Subject: [PATCH] Use "%*s" when printing VERSION

The "%s" conversion specifier expects a NUL-terminated string. However, the VERSION variable does not contain a NUL-terminator, so formatting it using "%s" may lead to printing whatever happens to be in memory next to VERSION. Using "%*s" allows to specify how many characters to print, thus making sure we don't go off the array.
---
 dumb-init.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dumb-init.c b/dumb-init.c
index e1a2fab..6cdd2c7 100644
--- a/dumb-init.c
+++ b/dumb-init.c
@@ -126,7 +126,7 @@ void handle_signal(int signum) {
 void print_help(char *argv[]) {
 fprintf(stderr,
- "dumb-init v%s"
+ "dumb-init v%*s"
 "Usage: %s [option] command [[arg] ...]\n"
 "\n"
 "dumb-init is a simple process supervisor that forwards signals to children.\n"
@@ -144,7 +144,7 @@ void print_help(char *argv[]) {
 " -V, --version Print the current version and exit.\n"
 "\n"
 "Full help is available online at https://github.com/Yelp/dumb-init\n",
- VERSION,
+ VERSION_len, VERSION,
 argv[0]
 );
 }
@@ -199,7 +199,7 @@ char **parse_command(int argc, char *argv[]) {
 debug = 1;
 break;
 case 'V':
- fprintf(stderr, "dumb-init v%s", VERSION);
+ fprintf(stderr, "dumb-init v%*s", VERSION_len, VERSION);
 exit(0);
 case 'c':
 use_setsid = 0;
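Review bot: `%*s` in the new format strings sets a minimum field width, not a maximum, so `fprintf` still scans the unterminated `VERSION` array for a NUL and the out-of-bounds read described in the commit message remains. Bounding the read takes a precision instead: `"dumb-init v%.*s"` in print_help (format string in the first hunk, arguments in the second) and `fprintf(stderr, "dumb-init v%.*s", VERSION_len, VERSION);` under `case 'V':` in the third hunk. The `*` argument must be an `int`; the declaration of `VERSION_len` is not visible in this patch, so if it is an unsigned type it should be passed as `(int) VERSION_len`. Both print_help and parse_command extend outside the hunks shown.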