Description: 
 Use strncpy for COMM_LEN and make it 18 characters to cover brackets in
 name.
 .
 Don't change COMM_LEN; it breaks matching long commands.
Bug-Debian: http://bugs.debian.org/661145
Bug-Ubuntu: https://bugs.launchpad.net/bugs/970638
Author: Craig Small <csmall@debian.org>
Last-Update: 2012-07-12

Index: b/src/comm.h
===================================================================
--- a/src/comm.h
+++ b/src/comm.h
@@ -1,18 +1,36 @@
-/* comm.h - command name length definition */
-
-/* Copyright 1995 Werner Almesberger. See file COPYING for details. */
-
+/*
+ * comm.h - command name length definition 
+ *
+ * Copyright 1995 Werner Almesberger
+ * Copyright 2012 Craig Small <csmall@enc.com.au>
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
 
 #ifndef COMM_H
 #define COMM_H
 
-#if 0				/* broken in 1.3.xx */
-#include <linux/sched.h>
-#define COMM_LEN sizeof(dummy.comm)
-extern struct task_struct dummy;
-#else
-#define COMM_LEN 16		/* synchronize with size of comm in struct task_struct in
-				   /usr/include/linux/sched.h */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
 #endif
 
+/*
+ * COMM_LEN should be the same size as TASK_COMM_LEN in the Linux source
+ * at include/linux/sched.h
+ */
+#define COMM_LEN 16
+
 #endif
Index: b/src/killall.c
===================================================================
--- a/src/killall.c
+++ b/src/killall.c
@@ -135,7 +135,7 @@
    }
    savelocale = setlocale(LC_NUMERIC, NULL);
    setlocale(LC_NUMERIC,"C");
-   if (fscanf(file, "%s", buf) == EOF) perror("uptime");
+   if (fscanf(file, "%2047s", buf) == EOF) perror("uptime");
    fclose(file);
    setlocale(LC_NUMERIC,savelocale);
    return atof(buf);
@@ -768,12 +768,14 @@
     case 'y':
       NOT_PIDOF_OPTION;
       strncpy(yt, optarg, 16);
+	  yt[15] = '\0';
       if ( 0 >= (younger_than = parse_time_units(yt) ) )
 	    usage(_("Invalid time format"));
       break;
     case 'o':
       NOT_PIDOF_OPTION;
       strncpy(ot, optarg, 16);
+	  ot[15] = '\0';
       if ( 0 >= (older_than = parse_time_units(ot) ) )
 	    usage(_("Invalid time format"));
       break;
Index: b/src/pstree.c
===================================================================
--- a/src/pstree.c
+++ b/src/pstree.c
@@ -69,7 +69,7 @@
 #define        VT_HD        "w"
 
 typedef struct _proc {
-    char comm[COMM_LEN + 1];
+    char comm[COMM_LEN + 2 + 1]; /* add another 2 for thread brackets */
     char **argv;                /* only used : argv[0] is 1st arg; undef if argc < 1 */
     int argc;                        /* with -a   : number of arguments, -1 if swapped    */
     pid_t pid;
@@ -264,7 +264,8 @@
         perror("malloc");
         exit(1);
     }
-    strcpy(new->comm, comm);
+    strncpy(new->comm, comm, COMM_LEN+2);
+    new->comm[COMM_LEN+1] = '\0';     /* make sure nul terminated*/
     new->pid = pid;
     new->uid = uid;
     new->flags = 0;
@@ -352,7 +353,8 @@
         this = new_proc(comm, pid, uid);
 #endif                                /*WITH_SELINUX */
     else {
-        strcpy(this->comm, comm);
+        strncpy(this->comm, comm, COMM_LEN+2);
+        this->comm[COMM_LEN+1] = '\0';
         this->uid = uid;
     }
     if (args)
