From 2820febaff92f6575dea15adb60f6a45f4c2e986 Mon Sep 17 00:00:00 2001
From: Dmitry-Me <wipedout@yandex.ru>
Date: Mon, 21 Aug 2017 18:25:12 +0300
Subject: [PATCH] Resolve CID 1379700

Ensure the string is null-terminated
---
 cli/threadexecutor.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/cli/threadexecutor.cpp b/cli/threadexecutor.cpp
index f8c789972..4f4068123 100644
--- a/cli/threadexecutor.cpp
+++ b/cli/threadexecutor.cpp
@@ -102,11 +102,15 @@ int ThreadExecutor::handleRead(int rpipe, unsigned int &result)
         std::exit(0);
     }
 
-    char *buf = new char[len];
-    if (read(rpipe, buf, len) <= 0) {
+    // Don't rely on incoming data being null-terminated.
+    // Allocate +1 element and null-terminate the buffer.
+    char *buf = new char[len + 1];
+    const ssize_t readIntoBuf = read(rpipe, buf, len);
+    if (readIntoBuf <= 0) {
         std::cerr << "#### You found a bug from cppcheck.\nThreadExecutor::handleRead error, type was:" << type << std::endl;
         std::exit(0);
     }
+    buf[readIntoBuf] = 0;
 
     if (type == REPORT_OUT) {
         _errorLogger.reportOut(buf);