From 08092a9b8f210ec62e8fc441803c5ac3a0debe84 Mon Sep 17 00:00:00 2001
From: Daichi GOTO <daichi@FreeBSD.org>
Date: Fri, 27 Jul 2018 07:05:50 +0000
Subject: [PATCH] top(1): fix a buffer overflow copying states to display while
 they were incremented

  - fix an AddressSanitizer error

Submitted by:	devnexen@gmail.com
Reviewed by:	eadler
Approved by:	gnn (mentor)
Differential Revision:	https://reviews.freebsd.org/D16183
---
 usr.bin/top/display.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/usr.bin/top/display.c b/usr.bin/top/display.c
index ed56b3bfef75..8c82f7e8f0fb 100644
--- a/usr.bin/top/display.c
+++ b/usr.bin/top/display.c
@@ -420,6 +420,7 @@ i_cpustates(int *states)
     int value;
     const char * const *names;
     const char *thisname;
+    int *hstates = states;
     int cpu;
 
 for (cpu = 0; cpu < num_cpus; cpu++) {
@@ -453,6 +454,7 @@ for (cpu = 0; cpu < num_cpus; cpu++) {
 }
 
     /* copy over values into "last" array */
+    states = hstates;
     memcpy(lcpustates, states, num_cpustates * sizeof(int) * num_cpus);
 }
 
@@ -462,6 +464,7 @@ u_cpustates(int *states)
     int value;
     const char * const *names;
     const char *thisname;
+    int *hstates = states;
     int *lp;
     int *colp;
     int cpu;
@@ -504,6 +507,8 @@ for (cpu = 0; cpu < num_cpus; cpu++) {
 	colp++;
     }
 }
+
+    states = hstates;
 }
 
 void