1 files changed, 34 insertions, 0 deletions

diff --git a/net-analyzer/mtr/files/mtr-0.95-fortify-source-3.patch b/net-analyzer/mtr/files/mtr-0.95-fortify-source-3.patch
new file mode 100644
index 000000000000..0c3d593915e4
--- /dev/null
+++ b/net-analyzer/mtr/files/mtr-0.95-fortify-source-3.patch
@@ -0,0 +1,34 @@
+https://bugs.gentoo.org/911389
+https://github.com/traviscross/mtr/pull/468
+https://github.com/traviscross/mtr/commit/a1548b40c0dcf6dd44c5e6906f829e249428436b
+
+From 5908af4c19188cb17b62f23368b6ef462831a0cb Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <meissner@suse.de>
+Date: Tue, 11 Apr 2023 16:05:36 +0200
+Subject: [PATCH] fixed the sizes passed into snprintf
+
+--- a/ui/report.c
++++ b/ui/report.c
+@@ -140,7 +140,7 @@ void report_close(
+             continue;
+ 
+         snprintf(fmt, sizeof(fmt), "%%%ds", data_fields[j].length);
+-        snprintf(buf + len, sizeof(buf), fmt, data_fields[j].title);
++        snprintf(buf + len, sizeof(buf) - len, fmt, data_fields[j].title);
+         len += data_fields[j].length;
+     }
+     printf("%s\n", buf);
+@@ -172,10 +172,10 @@ void report_close(
+ 
+             /* 1000.0 is a temporary hack for stats usec to ms, impacted net_loss. */
+             if (strchr(data_fields[j].format, 'f')) {
+-                snprintf(buf + len, sizeof(buf), data_fields[j].format,
++                snprintf(buf + len, sizeof(buf) - len, data_fields[j].format,
+                          data_fields[j].net_xxx(at) / 1000.0);
+             } else {
+-                snprintf(buf + len, sizeof(buf), data_fields[j].format,
++                snprintf(buf + len, sizeof(buf) - len, data_fields[j].format,
+                          data_fields[j].net_xxx(at));
+             }
+             len += data_fields[j].length;
+