snprintf(9) allows NULL string if size is 0. But doing NULL pointer

arithmetic is undefined behavior.  Check that size is positive
before adding to pointer.  While there, use NUL char for string
termination.
found by kubsan; joint work with tobhe@; OK millert@

diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c
index e2ad6cd..f1d7402 100644 (file)
--- a/sys/kern/subr_prf.c
+++ b/sys/kern/subr_prf.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: subr_prf.c,v 1.104 2021/06/02 00:39:25 cheloha Exp $  */
+/*     $OpenBSD: subr_prf.c,v 1.105 2022/01/20 17:11:30 bluhm Exp $    */
 /*     $NetBSD: subr_prf.c,v 1.45 1997/10/24 18:14:25 chuck Exp $      */
 
 /*-
@@ -570,14 +570,14 @@ snprintf(char *buf, size_t size, const char *fmt, ...)
        va_list ap;
        char *p;
 
-       p = buf + size - 1;
-       if (size < 1)
-               p = buf;
+       p = buf;
+       if (size > 0)
+               p += size - 1;
        va_start(ap, fmt);
        retval = kprintf(fmt, TOBUFONLY | TOCOUNT, &p, buf, ap);
        va_end(ap);
        if (size > 0)
-               *(p) = 0;       /* null terminate */
+               *p = '\0';      /* null terminate */
        return(retval);
 }