[PATCH 5/5] perf buildid: Fix possible unterminated readlink() result buffer

[Arnaldo Carvalho de Melo]

From: Thomas Jarosch <thomas.jarosch@xxxxxxxxxxxxx>

The readlink function doesn't guarantee that a '\0' will be put at the
end of the provided buffer if there is no space left.

No need to do "buf[len] = '\0';" since the buffer is allocated with
zalloc().

Link: http://lkml.kernel.org/r/4E986ABF.9040706@xxxxxxxxxxxxx
Signed-off-by: Thomas Jarosch <thomas.jarosch@xxxxxxxxxxxxx>
Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
---
 tools/perf/util/header.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
index f2ceb0f..2143a32 100644
--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -1289,7 +1289,7 @@ int build_id_cache__remove_s(const char *sbuild_id, const char *debugdir)
 	if (access(linkname, F_OK))
 		goto out_free;
 
-	if (readlink(linkname, filename, size) < 0)
+	if (readlink(linkname, filename, size - 1) < 0)
 		goto out_free;
 
 	if (unlink(linkname))
-- 
1.6.2.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/