From 2142cb0849114f8150f606a36fe4249276108994 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gu=C3=B0ni=20M=C3=A1r=20Gilbert?= <gudni.m.g@gmail.com>
Date: Sat, 23 Apr 2022 18:14:22 +0000
Subject: [PATCH] Fix overwrite in ProgressCode message buffer

When snprintf() if called we need to read the return value to see how
many bytes were written. Then when we call strncpy_P() through
TranslateProgress(), we need to tell the code to start writing
at byte 'len', or &msg[len]. Also we need to update the byte size
which strncpy_P() is allowed to write (64 - len).
---
 Firmware/mmu2.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Firmware/mmu2.cpp b/Firmware/mmu2.cpp
index a0e3408c9..11addd0f7 100644
--- a/Firmware/mmu2.cpp
+++ b/Firmware/mmu2.cpp
@@ -636,10 +636,10 @@ void MMU2::ReportProgress(ProgressCode pc) {
     
     // Log progress - example: MMU2:P=123 EngageIdler
     char msg[64];
-    snprintf(msg, sizeof(msg), "MMU2:P=%hu", (uint16_t)pc);
+    int len = snprintf(msg, sizeof(msg), "MMU2:P=%hu", (uint16_t)pc);
     // Append a human readable form of the progress code
-    TranslateProgress((uint16_t)pc, msg, sizeof(msg));
-    
+    TranslateProgress((uint16_t)pc, &msg[len], 64 - len);
+
     SERIAL_ECHO_START;
     SERIAL_ECHOLN(msg);
 }