From d33a490cccf879d6200e81ae59a50346d901135b Mon Sep 17 00:00:00 2001
From: Konstantin Osipov <kostja@tarantool.org>
Date: Wed, 8 Apr 2015 21:01:12 +0300
Subject: [PATCH] gh-780 (Tarantool segfaults)

Fix a crash due to memory corruption in fio.dirname().
A test case would test nothing since the corrupted Lua heap
doesn't crash on you immediately..

fio.dirname() is tested in fio.test.lua
---
 src/lua/fio.lua         | 2 +-
 src/util.cc             | 2 +-
 third_party/proctitle.c | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/lua/fio.lua b/src/lua/fio.lua
index 9f6b10d92f..ee6d46bae1 100644
--- a/src/lua/fio.lua
+++ b/src/lua/fio.lua
@@ -210,7 +210,7 @@ fio.dirname = function(path)
         return nil
     end
     path = tostring(path)
-    path = ffi.new('char[?]', #path, path)
+    path = ffi.new('char[?]', #path + 1, path)
     return ffi.string(ffi.C.dirname(path))
 end
 
diff --git a/src/util.cc b/src/util.cc
index 0e2165f650..574f6c5b7a 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -364,7 +364,7 @@ abspath(const char *filename)
 	if (filename[0] == '/')
 		return strdup(filename);
 
-	char *abspath = (char *) malloc(PATH_MAX);
+	char *abspath = (char *) malloc(PATH_MAX + 1);
 	if (abspath == NULL)
 		return NULL;
 
diff --git a/third_party/proctitle.c b/third_party/proctitle.c
index 92eca759c1..2e7009a695 100644
--- a/third_party/proctitle.c
+++ b/third_party/proctitle.c
@@ -220,7 +220,7 @@ init_set_proc_title(int argc, char **argv)
 	ps_buffer_fixed_size = 0;
 #else
 	{
-		char basename_buf[PATH_MAX];
+		char basename_buf[PATH_MAX+1];
 
 		/*
 		 * At least partially mimic FreeBSD, which for
@@ -228,7 +228,7 @@ init_set_proc_title(int argc, char **argv)
 		 *
 		 * a.out: custom title here (a.out)
 	         */
-		snprintf(basename_buf, sizeof basename_buf, "%s", argv[0]);
+		snprintf(basename_buf, PATH_MAX, "%s", argv[0]);
 		snprintf(ps_buffer, ps_buffer_size, "%s: ", basename(basename_buf));
 	}
 
-- 
GitLab