UNICODE_STRING::Length field means size of buffer in bytes[1], despite of buffer itself being array of wchar_t. Because of that terminating zero is placed twice as far. Fix it. [1] https://msdn.microsoft.com/en-us/library/windows/desktop/aa380518.aspx Signed-off-by: Max Kirillov <max@xxxxxxxxxx> --- Access outside of buffer was very unlikely (for that user needed to redirect standard fd to a file with path longer than ~250 symbols), it still did not seem to do any harm, and otherwise it did not break because only substring is checked, but it was still incorrect. compat/winansi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compat/winansi.c b/compat/winansi.c index 3be60ce..6b4f736 100644 --- a/compat/winansi.c +++ b/compat/winansi.c @@ -553,7 +553,7 @@ static void detect_msys_tty(int fd) buffer, sizeof(buffer) - 2, &result))) return; name = nameinfo->Name.Buffer; - name[nameinfo->Name.Length] = 0; + name[nameinfo->Name.Length / sizeof(*name)] = 0; /* check if this could be a MSYS2 pty pipe ('msys-XXXX-ptyN-XX') */ if (!wcsstr(name, L"msys-") || !wcsstr(name, L"-pty")) -- 2.3.4.2801.g3d0809b