cve/meltdown: use the snprintf function to prevent buffer overflow

[KunWuChan]

Use the snprintf function instead of sprintf in the meltdown.c file to prevent buffer overflow. Cause the length of the release in a struct utsname is unspecified.

struct utsname { char sysname[]; / Operating system name (e.g., "Linux") / char nodename[]; / Name within communications network to which the node is attached, if any / char release[]; / Operating system release (e.g., "2.6.28") / char version[]; / Operating system version / char machine[]; / Hardware type identifier /

ifdef _GNU_SOURCE

           char domainname[]; /* NIS or YP domain name */
       #endif
       };

Signed-off-by: Kunwu Chan chentao@kylinos.cn

[richiejp]

It appears that the struct member in question has its length specified by the libc implementation and can be accessed with sizeof. This is stated in the man page.