Use "%*s" when printing VERSION

The "%s" conversion specifier expects a NUL-terminated string. However, the VERSION variable does not contain a NUL-terminator, so formatting it using "%s" may lead to printing whatever happens to be in memory next to VERSION. Using "%*s" allows to specify how many characters to print, thus making sure we don't go off the array.
2020-12-01 19:59:14 +01:00 · 2020-12-01 19:59:14 +01:00 · 7bb2fef0e2
commit 7bb2fef0e2
parent 2da4dc4591
1 changed files with 3 additions and 3 deletions
--- a/dumb-init.c
+++ b/dumb-init.c
@ -126,7 +126,7 @@ void handle_signal(int signum) {

 void print_help(char *argv[]) {
    fprintf(stderr,
-        "dumb-init v%s"
+        "dumb-init v%*s"
        "Usage: %s [option] command [[arg] ...]\n"
        "\n"
        "dumb-init is a simple process supervisor that forwards signals to children.\n"
@ -144,7 +144,7 @@ void print_help(char *argv[]) {
        "   -V, --version        Print the current version and exit.\n"
        "\n"
        "Full help is available online at https://github.com/Yelp/dumb-init\n",
-        VERSION,
+        VERSION_len, VERSION,
        argv[0]
    );
 }
@ -199,7 +199,7 @@ char **parse_command(int argc, char *argv[]) {
                debug = 1;
                break;
            case 'V':
-                fprintf(stderr, "dumb-init v%s", VERSION);
+                fprintf(stderr, "dumb-init v%*s", VERSION_len, VERSION);
                exit(0);
            case 'c':
                use_setsid = 0;