authorThiago Macieira <thiago.macieira@intel.com>2014-12-15 14:39:51 -0800
committerThiago Macieira <thiago.macieira@intel.com>2014-12-18 03:45:16 +0100
commitf0ced7e2810202be258eb58ae0a412b2091f7e5f (patch)
tree0c57ef677e880421708de3ffe0ce36efc536eba5
parent657db9d1aa9cbaee4597fb5326b56f09339f74de (diff)
Fix possible buffer overrun in use of readlink(2)
The man page says: readlink() does not append a null byte to buf. It will truncate the contents (to a length of bufsiz characters), in case the buffer is too small to hold all of the contents. [...] RETURN VALUE On success, these calls return the number of bytes placed in buf. So we need to pass size-1 so we'll have room for the NUL byte at the end. Change-Id: I9ccfb451f8dbe39bc1786864fbd4d0f018598e00 Reviewed-by: Frederik Gladhorn <frederik.gladhorn@theqtcompany.com>
-rw-r--r--src/qtchooser/main.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/qtchooser/main.cpp b/src/qtchooser/main.cpp
index 5e6e9cb..8728f56 100644
--- a/src/qtchooser/main.cpp
+++ b/src/qtchooser/main.cpp
@@ -1,6 +1,6 @@
/****************************************************************************
**
-** Copyright (C) 2012 Intel Corporation.
+** Copyright (C) 2014 Intel Corporation.
** Contact: http://www.qt-project.org/legal
**
** This file is part of the QtCore module of the Qt Toolkit.
@@ -206,7 +206,7 @@ bool linksBackToSelf(const char *link, const char *target)
{
#if !defined(_WIN32) && !defined(__WIN32__)
char buf[512];
- int count = readlink(link, buf, sizeof(buf));
+ int count = readlink(link, buf, sizeof(buf) - 1);
if (count >= 0) {
buf[count] = '\0';
if (endsWith(buf, target) == 0) {
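Review bot: The `sizeof(buf) - 1` bound keeps the `buf[count] = '\0'` write inside the array, but a link target of 511 bytes or more is still silently truncated, so `endsWith(buf, target)` then compares against a cut-off path. A return value equal to the size passed cannot be told apart from truncation, so I would treat it as a failure rather than a valid result, e.g. `if (count >= 0 && size_t(count) < sizeof(buf) - 1) {`. If this check is what prevents the tool from re-invoking itself through a symlink (inferred from the function name, the callers are not visible here), a truncated comparison fails in the unsafe direction. Separately, readlink(2) returns `ssize_t`, so `ssize_t count` would match the API, although the value is bounded by the buffer size here. The body of linksBackToSelf continues past the end of this hunk.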