a98fa52ec6
We convert a string like "W32:vendor/device" into "I:vendor;I:device", where the output is longer than the input, but only allocate space equal to the length of the input, leading to a buffer overflow. Instead use open_memstream so we get a safe dynamically-grown buffer. Found by: CHERI Reviewed by: imp, jhb (mentor) Approved by: imp, jhb (mentor) Obtained from: CheriBSD Differential Revision: https://reviews.freebsd.org/D26637