devcons didn't honor length argument for Qdrivers, resulting in a buffer overflow, which could lead to a kernel crash in case of e.g. read /dev/drivers.

the erratic behavior can be easily seen by

 syscall -o read 0 buf 1 < /dev/drivers

that would print the whole table instead of a single byte.


Reference: /n/sources/patch/applied/cons-drivers
Date: Sun Oct  3 16:54:16 CES 2010
Signed-off-by: olegfink@gmail.com

--- /sys/src/9/port/devcons.c	Sun Oct  3 16:51:20 2010
+++ /sys/src/9/port/devcons.c	Sun Oct  3 21:58:49 2010
@@ -936,9 +936,9 @@
 		b = malloc(READSTR);
 		if(b == nil)
 			error(Enomem);
-		n = 0;
+		k = 0;
 		for(i = 0; devtab[i] != nil; i++)
-			n += snprint(b+n, READSTR-n, "#%C %s\n", devtab[i]->dc,  devtab[i]->name);
+			k += snprint(b+k, READSTR-k, "#%C %s\n", devtab[i]->dc,  devtab[i]->name);
 		if(waserror()){
 			free(b);
 			nexterror();