From 5ebc4e8f5112f5fb21e19a5db1ce692ae0196d3b Mon Sep 17 00:00:00 2001 From: Bart Van Assche Date: Thu, 3 Feb 2022 00:05:19 +0000 Subject: [PATCH] lmkd: Fix a potential buffer overflow Prevent that the statement that writes '\0' past the read data can write past the end of the buffer. Bug: 213617178 Test: Compile-tested only. Change-Id: I6922c343a6bcb52dce0b5cf54f09b2850e9dfde2 Signed-off-by: Bart Van Assche --- lmkd.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lmkd.cpp b/lmkd.cpp index 40aa043..7f0ca58 100644 --- a/lmkd.cpp +++ b/lmkd.cpp @@ -835,7 +835,7 @@ static void poll_kernel(int poll_fd) { while (1) { char rd_buf[256]; - int bytes_read = TEMP_FAILURE_RETRY(pread(poll_fd, (void*)rd_buf, sizeof(rd_buf), 0)); + int bytes_read = TEMP_FAILURE_RETRY(pread(poll_fd, (void*)rd_buf, sizeof(rd_buf) - 1, 0)); if (bytes_read <= 0) break; rd_buf[bytes_read] = '\0';