From 5db5341debbfb1230dd7cbff970079790b5e6281 Mon Sep 17 00:00:00 2001
From: Thomas Jarosch <tomj@simonv.com>
Date: Tue, 15 Jan 2013 22:04:18 +0100
Subject: Fix possible readlink() buffer overflow

readlink() might return the full size of the target buffer
and we write a '\0' to the returned length offset.

cppecheck reported:
[rockbox/apps/tagcache.c:4335]: (warning, inconclusive) readlink() might return the full size of 'target'. Lower the supplied size by one.

(the check was actually written by me)

Change-Id: Ibb42f732aa42c38bb6cb92cdccd3e6a0d3aa9b9f
---
 apps/tagcache.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'apps')

diff --git a/apps/tagcache.c b/apps/tagcache.c
index 7034cacab4..07d8d1d7a2 100644
--- a/apps/tagcache.c
+++ b/apps/tagcache.c
@@ -4332,7 +4332,7 @@ static bool add_search_root(const char *name)
     static char abs_target[PATH_MAX];
     ssize_t len;
 
-    len = readlink(name, target, sizeof(target));
+    len = readlink(name, target, sizeof(target)-1);
     if (len < 0)
         return false;
 
-- 
cgit v1.2.3