diff --git a/src/add-ons/kernel/bus_managers/acpi/acpi_ns_dump.c b/src/add-ons/kernel/bus_managers/acpi/acpi_ns_dump.c index d436254fa3..4fe6de3f55 100644 --- a/src/add-ons/kernel/bus_managers/acpi/acpi_ns_dump.c +++ b/src/add-ons/kernel/bus_managers/acpi/acpi_ns_dump.c @@ -20,7 +20,8 @@ typedef struct acpi_ns_device_info { static void -dump_acpi_namespace(acpi_ns_device_info *device, char *root, void *buf, size_t* num_bytes, int indenting) { +dump_acpi_namespace(acpi_ns_device_info *device, char *root, void *buf, size_t* num_bytes, int indenting) +{ char result[255]; char output[255]; char tabs[255]; @@ -89,8 +90,9 @@ dump_acpi_namespace(acpi_ns_device_info *device, char *root, void *buf, size_t* sprintf(output, "%s BUFFER_FIELD", output); break; } - sprintf(output, "%s\n", output); - + // TODO: This is obviously broken! + // We should respect "*num_bytes", otherwise + // we could have a buffer overflow. See ticket #2786 sprintf((buf + *num_bytes), "%s", output); *num_bytes += strlen(output);