From 985137cbff722f68f77bab5119af26eedf4edccb Mon Sep 17 00:00:00 2001
From: Mark Pizzolato <mark@infocomm.com>
Date: Fri, 6 Oct 2023 13:40:11 -1000
Subject: [PATCH] SCP: Avoid reading excess data when putting register values
 into a string

---
 scp.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/scp.c b/scp.c
index 4f82d0ea..aeb4b3a3 100644
--- a/scp.c
+++ b/scp.c
@@ -2924,6 +2924,7 @@ free (*tmpname);
 static t_stat sim_snprint_sym (char *buf, size_t bufsize, t_bool vm_flag, t_addr addr, t_value *val, UNIT *uptr, int32 sw, int32 dfltinc, int32 rdx, uint32 width, uint32 fmt)
 {
 t_stat reason;
+size_t str_width;
 size_t s;
 
 rewind (sim_tmpfile);
@@ -2931,9 +2932,15 @@ if (vm_flag || ((reason = fprint_sym (sim_tmpfile, addr, val, uptr, sw)) > 0)) {
     fprint_val (sim_tmpfile, val[0], rdx, width, fmt);
     reason = dfltinc;
     }
+str_width = (size_t)ftell(sim_tmpfile);
+if (str_width > width)
+    str_width = width;
+if (bufsize > str_width)
+    memset (buf + str_width, 0, bufsize - width);
 rewind (sim_tmpfile);
-s = fread (buf, 1, bufsize - 1, sim_tmpfile);
-buf[s] = '\0';
+s = fread (buf, 1, str_width, sim_tmpfile);
+if (s < bufsize)
+    buf[s] = '\0';
 return reason;
 }