From b23f1d2c8beec380e594307fc32f70ad2c7635dd Mon Sep 17 00:00:00 2001
From: Joerg Bornemann
Date: Mon, 8 Jun 2015 10:51:51 +0200
Subject: fix unterminated char buffer glitch

readlink does not append a NUL character to buf. If readlink places PATH_MAX characters into buf, then an unterminated character buffer would have been passed to QString::fromUtf8.

Change-Id: Ib1865b8df760fa7da91c3be746dc701a165d93ee
Reviewed-by: Oswald Buddenhagen
---
 src/corelib/io/qlockfile_unix.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/corelib/io/qlockfile_unix.cpp b/src/corelib/io/qlockfile_unix.cpp
index d6ea2f1f2d..6cc590d45f 100644
--- a/src/corelib/io/qlockfile_unix.cpp
+++ b/src/corelib/io/qlockfile_unix.cpp
@@ -223,13 +223,14 @@ QString QLockFilePrivate::processNameByPid(qint64 pid)
 if (!QFile::exists(QStringLiteral("/proc/version")))
 return QString();
 char exePath[64];
- char buf[PATH_MAX];
- memset(buf, 0, sizeof(buf));
+ char buf[PATH_MAX + 1];
 sprintf(exePath, "/proc/%lld/exe", pid);
- if (readlink(exePath, buf, sizeof(buf)) < 0) {
+ size_t len = (size_t)readlink(exePath, buf, sizeof(buf));
+ if (len >= sizeof(buf)) {
 // The pid is gone. Return some invalid process name to fail the test.
 return QStringLiteral("/ERROR/");
 }
+ buf[len] = 0;
 return QFileInfo(QString::fromUtf8(buf)).fileName();
 #elif defined(Q_OS_BSD4) && !defined(Q_OS_IOS)
 kinfo_proc *proc = kinfo_getproc(pid);
-- 
cgit v1.2.3
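Review bot: The combined check `if (len >= sizeof(buf))` only works because readlink()'s -1 becomes SIZE_MAX through the `(size_t)` cast, and the comment under it still explains just the vanished-pid case. The same branch now also fires when the link target fills all PATH_MAX + 1 bytes and may be truncated, and rejecting that case is what keeps `buf[len] = 0` inside the array. I would say so in place, e.g. `// readlink() failed (-1 wraps to SIZE_MAX) or the target filled buf and may be truncated.`, or keep the result as `ssize_t` and test `len < 0 || size_t(len) >= sizeof(buf)` so both conditions are visible to the next reader. processNameByPid begins and continues outside this hunk.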