From c560dc4405de54afb27357db48cc99773b4d69f0 Mon Sep 17 00:00:00 2001
From: Antonio SJ Musumeci
Date: Tue, 10 Mar 2026 08:57:06 -0500
Subject: [PATCH] Fix buffer overflow in readlink by reserving space for null terminator
---
src/fuse_readlink.cpp | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/fuse_readlink.cpp b/src/fuse_readlink.cpp
index fd3bdf50..f8fc6fe9 100644
--- a/src/fuse_readlink.cpp
+++ b/src/fuse_readlink.cpp
@@ -39,7 +39,7 @@ _readlink_core_standard(const fs::path &fullpath_,
 {
 int rv;
- rv = fs::readlink(fullpath_,buf_,size_);
+ rv = fs::readlink(fullpath_,buf_,(size_ - 1));
 if(rv < 0)
 return rv;
@@ -65,7 +65,8 @@ _readlink_core_symlinkify(const fs::path &fullpath_,
 if(!symlinkify::can_be_symlink(st,symlinkify_timeout_))
 return ::_readlink_core_standard(fullpath_,buf_,size_);
- strncpy(buf_,fullpath_.c_str(),size_);
+ strncpy(buf_,fullpath_.c_str(),(size_ - 1));
+ buf_[size_ - 1] = '\0';
 return 0;
 }
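Review bot: `size_ - 1` is computed with no check that `size_` is non-zero, in the `fs::readlink` call of `_readlink_core_standard` and again in the `strncpy` and `buf_[size_ - 1] = '\0'` lines of the `_readlink_core_symlinkify` hunk. If `size_` is an unsigned type such as `size_t` (its declaration is outside both hunks), a zero value wraps to the maximum, so the length limit disappears and the terminator store lands far outside the buffer. A guard at the top of each function closes that case, e.g. `if(size_ == 0) return -EINVAL;`, assuming the negative-errno convention that `return rv` suggests. Whether any caller can pass zero is not visible here, and both function bodies start and end outside their hunks.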
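Review bot: The symlinkify branch still returns 0 when `fullpath_` is longer than `size_ - 1`, so the caller receives a shortened link target with no indication that it was cut. That may be the intended contract, since plain readlink also truncates, but nothing in the hunk says so. A comment above the copy would record the decision, for example `// size_ includes the terminator; an over-long target is truncated, not rejected`. If truncation is not wanted, compare `strlen(fullpath_.c_str())` against `size_` before the copy and return an error such as `-ENAMETOOLONG` instead.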