From df0ac426f346c711691af59d467cb31ca58b54fd Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Wed, 27 Jul 2022 21:11:41 +0200
Subject: [PATCH] win: fix off-by-1 buffer overrun in uv_exepath() (#3695)

uv_exepath() wrote the nul byte *after* the end of the buffer. It's not
necessary to write said nul byte in the first place because that was a
workaround for a bug in the Windows XP version of GetModuleFileName().

Fix uv_cwd() in the same fashion, it doesn't need the nul byte either.

Fixes: https://github.com/libuv/libuv/issues/3691
---
 src/win/util.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/win/util.c b/src/win/util.c
index 99432053..dd4a747b 100644
--- a/src/win/util.c
+++ b/src/win/util.c
@@ -121,9 +121,6 @@ int uv_exepath(char* buffer, size_t* size_ptr) {
     goto error;
   }
 
-  /* utf16_len contains the length, *not* including the terminating null. */
-  utf16_buffer[utf16_len] = L'\0';
-
   /* Convert to UTF-8 */
   utf8_len = WideCharToMultiByte(CP_UTF8,
                                  0,
@@ -175,9 +172,6 @@ int uv_cwd(char* buffer, size_t* size) {
     return uv_translate_sys_error(GetLastError());
   }
 
-  /* utf16_len contains the length, *not* including the terminating null. */
-  utf16_buffer[utf16_len] = L'\0';
-
   /* The returned directory should not have a trailing slash, unless it points
    * at a drive root, like c:\. Remove it if needed. */
   if (utf16_buffer[utf16_len - 1] == L'\\' &&