daemon/seccomp: fix out-of-bounds index of syscall_names

The bound used `sizeof(syscall_names)` (byte size of the pointer array)
instead of the entry count, allowing the SIGSYS handler to read up to
`sizeof(char*)-1` entries past the end of the table when an unexpected
syscall number was trapped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c
index a06065a5d1435be50191e73b17317bf8828446e1..0856ac66a0bf682892106de0a770026012609de4 100644 (file)
--- a/src/daemon/priv-seccomp.c
+++ b/src/daemon/priv-seccomp.c
@@ -71,7 +71,9 @@ priv_seccomp_trap_handler(int signal, siginfo_t *info, void *vctx)
        /* Log them. Technically, `log_warnx()` is not signal safe, but we are
         * unlikely to reenter here. */
        log_warnx("seccomp", "invalid syscall attempted: %s(%d)",
-           (syscall < sizeof(syscall_names)) ? syscall_names[syscall] : "unknown",
+           (syscall < sizeof(syscall_names) / sizeof(syscall_names[0])) ?
+               syscall_names[syscall] :
+               "unknown",
            syscall);
 
        /* Kill children and exit */