From 6520589a376bfc7ffbee899e6f689dd6319d2e68 Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@duempel.org>
Date: Fri, 10 Oct 2014 22:06:48 +0200
Subject: TagString: use strndup() for unterminated string

Fixes buffer overflow bug.
---
 src/tag/TagString.cxx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/tag/TagString.cxx')

diff --git a/src/tag/TagString.cxx b/src/tag/TagString.cxx
index 22fbfc0b8..3a0f0b3f5 100644
--- a/src/tag/TagString.cxx
+++ b/src/tag/TagString.cxx
@@ -39,7 +39,7 @@ patch_utf8(const char *src, size_t length, const gchar *end)
 {
 	/* duplicate the string, and replace invalid bytes in that
 	   buffer */
-	char *dest = xstrdup(src);
+	char *dest = xstrndup(src, length);
 
 	do {
 		dest[end - src] = '?';
-- 
cgit v1.2.3