read_fd_link(): don't overrun buf

This is a classical off-by-one error. If sizeof(buf) is 512, the last element is buf[511] but not buf[512]. Reported by Coverity, CID 114624, 114622 etc. Signed-off-by: Kir Kolyshkin <kir@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2025-09-01 06:45:35 +00:00 · 2015-10-07 02:44:17 -07:00
parent 0570dd81d6
commit 377763e5b1
1 changed files with 1 additions and 1 deletions
--- a/util.c
+++ b/util.c
@@ -467,7 +467,7 @@ int read_fd_link(int lfd, char *buf, size_t size)
 		pr_err("Buffer for read link of fd %d is too small\n", lfd);
 		return -1;
 	}
-	buf[ret] = 0;
+	buf[ret - 1] = 0;

 	return ret;
 }