The function readlink does not nul terminate its result string.
safe_readlink is a wrapper for readlinkat, which has the same
behaviour. Therefore, explicitly set '\0' and reserve one byte for it.
---
src/util.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/util.c b/src/util.c
index 82a7e37..4bf969a 100644
--- a/src/util.c
+++ b/src/util.c
@@ -611,9 +611,11 @@ copy_file (char const *from, char const *to, struct stat
*tost,
if (S_ISLNK (mode))
{
char *buffer = xmalloc (PATH_MAX);
+ ssize_t r;
- if (safe_readlink (from, buffer, PATH_MAX) < 0)
+ if ((r = safe_readlink (from, buffer, PATH_MAX - 1)) < 0)
pfatal ("Can't read %s %s", "symbolic link", from);
+ buffer[r] = '\0';
if (safe_symlink (buffer, to) != 0)
pfatal ("Can't create %s %s", "symbolic link", to);
if (tost && safe_lstat (to, tost) != 0)
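Review bot: A link target of PATH_MAX - 1 bytes or longer is still truncated silently at `safe_readlink (from, buffer, PATH_MAX - 1)`, so `safe_symlink (buffer, to)` can create a link that points somewhere other than the original does. A readlink-style call reports only the number of bytes it stored, so `r == PATH_MAX - 1` cannot be told apart from a truncated result. The code should fail in that case, for example by testing `if (r == PATH_MAX - 1)` before the `buffer[r] = '\0';` line, or size the buffer from the link's lstat size if that is available in copy_file. A comment such as `/* readlink does not NUL-terminate; keep one byte for the terminator */` above the call would also record why the length is PATH_MAX - 1. copy_file starts and ends outside this hunk, so whether a stat result for `from` is in scope cannot be seen here.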
--
2.4.5