Prevent out of bounds write.

read() could write up to PATH_MAX chars to array
and return it as res, then we write to this array at res
position which is out of bound index.
exepath[res] = '\0';
sizeof(exepath) is equal to res, so it is out of bounds write.

Change-Id: I1c1a2f00998933e5ff7bc17409ea6a228b21475c
Signed-off-by: Ernest Borowski <e.borowski@samsung.com>

diff --git a/src/client-api/dumpsys-user.c b/src/client-api/dumpsys-user.c
index 54a5ee2..453491d 100644 (file)
--- a/src/client-api/dumpsys-user.c
+++ b/src/client-api/dumpsys-user.c
@@ -93,7 +93,7 @@ static bool get_exepath(char *exepath, int len)
 
        ssize_t res;
 
-       if ((res = read(fd, exepath, len)) == -1) {
+       if ((res = read(fd, exepath, len - 1)) == -1) {
                LOGE("read() cmdline error: %m\n");
                close(fd);
                return false;