From 9515fd6545c3002516a4fe6ee269bb1ff2f1de4f Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin"
Date: Sat, 14 Jan 2017 13:42:53 +0000
Subject: [PATCH] rpmio: fix potential buffer overflow in Fdopen

In file included from /usr/include/string.h:648:0, from ../system.h:76, from rpmio.c:6: In function 'strncat', inlined from 'Fdopen' at rpmio.c:3473:5: /usr/include/bits/string3.h:158:10: warning: call to __builtin___strncat_chk might overflow destination buffer return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
---
 rpmio/rpmio.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rpmio/rpmio.c b/rpmio/rpmio.c
index 502a4b5..34e2e0f 100644
--- a/rpmio/rpmio.c
+++ b/rpmio/rpmio.c
@@ -3470,8 +3470,8 @@ fprintf(stderr, "*** Fdopen(%p,%s) %s\n", fd, fmode, fdbg(fd));
 if (stdio[0] == '\0')
 return NULL;
 zstdio[0] = '\0';
- strncat(zstdio, stdio, sizeof(zstdio) - strlen(zstdio));
- strncat(zstdio, other, sizeof(zstdio) - strlen(zstdio));
+ strncat(zstdio, stdio, sizeof(zstdio) - 1 - strlen(zstdio));
+ strncat(zstdio, other, sizeof(zstdio) - 1 - strlen(zstdio));
 if (end == NULL && other[0] == '\0') /*@-refcounttrans -retalias@*/ return fd; /*@=refcounttrans =retalias@*/
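Review bot: Both `strncat` calls into `zstdio` still truncate silently: when `stdio` plus `other` do not fit, the shortened mode string is kept and Fdopen carries on with it instead of failing. Building the string in one bounded call and rejecting truncation closes that gap, e.g. `int n = snprintf(zstdio, sizeof(zstdio), "%s%s", stdio, other);` followed by `if (n < 0 || (size_t)n >= sizeof(zstdio)) return NULL;`, which matches the existing `return NULL` for an empty `stdio`. Whether the two sources can actually exceed `zstdio` depends on the array declarations, which are outside this hunk, as is the rest of Fdopen's body.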