[PATCH 1/3] libusbg: Fix readlink/buffer overrun issue. CID#56130, CID#56129

From: Philippe De Swert <philippe.deswert@xxxxxxxxxxxxxxx>

Readlink can return the total length of the buffer (here 4096), so we do not
want to dereference target[4096] as that would give an off by one error.

Signed-off-by: Philippe De Swert <philippe.deswert@xxxxxxxxxxxxxxx>
---
 src/usbg.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/usbg.c b/src/usbg.c
index d73943c..c226731 100644
--- a/src/usbg.c
+++ b/src/usbg.c
@@ -856,9 +856,10 @@ static int usbg_parse_config_binding(usbg_config *c, char *bpath,
 		goto out;
 	}
 
-	/* readlink() don't add this,
-	 * so we have to do it manually */
-	target[nmb] = '\0';
+	/* readlink() doesn't add this, so we have to do it manually,
+	 * we need to take care to not overrun as readlink can return
+	 * the maximum buffer and have a off-by-one error */
+	target[nmb-1] = '\0';
 	/* Target contains a full path
 	 * but we need only function dir name */
 	target_name = strrchr(target, '/') + 1;
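Review bot: at `target[nmb-1] = '\0';` the terminator now overwrites the last byte readlink() returned on every call, not only when the buffer is full, so the function directory name read through `target_name` loses its final character. A return value of 0, if it is not rejected above this hunk, would also write to target[-1]. Keeping `target[nmb] = '\0';` and reserving room for it would avoid both: pass the buffer size minus one to readlink() (the call is above this hunk and not visible here), or treat a return value equal to the buffer size as truncation and take the `goto out` path. The new comment could then state that one byte is reserved for the terminator. Separately, the context line `target_name = strrchr(target, '/') + 1;` uses the strrchr() result without a NULL check, which is worth a follow-up if the target can lack a '/'.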
-- 
1.8.1.2
