From 1a8978697923a95b636027ac67ae7059d81895e7 Mon Sep 17 00:00:00 2001
From: Bill King <bill.king@nokia.com>
Date: Fri, 11 Jun 2010 13:38:38 +1000
Subject: [PATCH] Fix possible string overrun/overcopy situation.

---
 src/libs/utils/process_stub_unix.c | 6 ++++--
 src/libs/utils/process_stub_win.c  | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/libs/utils/process_stub_unix.c b/src/libs/utils/process_stub_unix.c
index a6259ef1572..682d2a2b76a 100644
--- a/src/libs/utils/process_stub_unix.c
+++ b/src/libs/utils/process_stub_unix.c
@@ -110,8 +110,9 @@ int main(int argc, char *argv[])
         perror("Cannot create creator comm socket");
         doExit(3);
     }
+    memset(&sau, 0, sizeof(sau));
     sau.sun_family = AF_UNIX;
-    strcpy(sau.sun_path, argv[ArgSocket]);
+    strncpy(sau.sun_path, argv[ArgSocket], sizeof(sau.sun_path) - 1);
     if (connect(qtcFd, (struct sockaddr *)&sau, sizeof(sau))) {
         fprintf(stderr, "Cannot connect creator comm socket %s: %s\n", sau.sun_path, strerror(errno));
         doExit(1);
@@ -136,7 +137,8 @@ int main(int argc, char *argv[])
         fseek(envFd, 0, SEEK_END);
         size = ftell(envFd);
         rewind(envFd);
-        envdata = malloc(size);
+        envdata = malloc(size + sizeof(char *));
+        envdata[size] = 0;
         if (fread(envdata, 1, size, envFd) != (size_t)size) {
             perror("Failed to read env file");
             doExit(1);
diff --git a/src/libs/utils/process_stub_win.c b/src/libs/utils/process_stub_win.c
index f27fe33da54..0bee1640b7d 100644
--- a/src/libs/utils/process_stub_win.c
+++ b/src/libs/utils/process_stub_win.c
@@ -148,7 +148,8 @@ int main()
         fseek(envFd, 0, SEEK_END);
         size = ftell(envFd);
         rewind(envFd);
-        env = malloc(size);
+        env = malloc(size + sizeof(wchar_t));
+        env[size] = 0;
         if (fread(env, 1, size, envFd) != size) {
             perror("Failed to read env file");
             doExit(1);
-- 
GitLab