diff options
author | Thiago Macieira <thiago.macieira@intel.com> | 2014-12-15 14:39:51 -0800 |
---|---|---|
committer | Thiago Macieira <thiago.macieira@intel.com> | 2014-12-18 03:45:16 +0100 |
commit | f0ced7e2810202be258eb58ae0a412b2091f7e5f (patch) | |
tree | 0c57ef677e880421708de3ffe0ce36efc536eba5 | |
parent | 657db9d1aa9cbaee4597fb5326b56f09339f74de (diff) |
Fix possible buffer overrun in use of readlink(2)
The man page says:
readlink() does not append a null byte to buf. It will truncate
the contents (to a length of bufsiz characters), in case the
buffer is too small to hold all of the contents.
[...]
RETURN VALUE
On success, these calls return the number of bytes placed in buf.
So we need to pass size-1 so we'll have room for the NUL byte at the
end.
Change-Id: I9ccfb451f8dbe39bc1786864fbd4d0f018598e00
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@theqtcompany.com>
-rw-r--r-- | src/qtchooser/main.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/qtchooser/main.cpp b/src/qtchooser/main.cpp index 5e6e9cb..8728f56 100644 --- a/src/qtchooser/main.cpp +++ b/src/qtchooser/main.cpp @@ -1,6 +1,6 @@ /**************************************************************************** ** -** Copyright (C) 2012 Intel Corporation. +** Copyright (C) 2014 Intel Corporation. ** Contact: http://www.qt-project.org/legal ** ** This file is part of the QtCore module of the Qt Toolkit. @@ -206,7 +206,7 @@ bool linksBackToSelf(const char *link, const char *target) { #if !defined(_WIN32) && !defined(__WIN32__) char buf[512]; - int count = readlink(link, buf, sizeof(buf)); + int count = readlink(link, buf, sizeof(buf) - 1); if (count >= 0) { buf[count] = '\0'; if (endsWith(buf, target) == 0) { |