The function readlink does not nul terminate its result string. safe_readlink is a wrapper for readlinkat, which has the same behaviour. Therefore, explicitly set '\0' and reserve one byte for it. --- src/util.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/util.c b/src/util.c index 82a7e37..4bf969a 100644 --- a/src/util.c +++ b/src/util.c @@ -611,9 +611,11 @@ copy_file (char const *from, char const *to, struct stat *tost, if (S_ISLNK (mode)) { char *buffer = xmalloc (PATH_MAX); + ssize_t r; - if (safe_readlink (from, buffer, PATH_MAX) < 0) + if ((r = safe_readlink (from, buffer, PATH_MAX - 1)) < 0) pfatal ("Can't read %s %s", "symbolic link", from); + buffer[r] = '\0'; if (safe_symlink (buffer, to) != 0) pfatal ("Can't create %s %s", "symbolic link", to); if (tost && safe_lstat (to, tost) != 0) -- 2.4.5