From 1f63b1236cd63a3ab8e3d1e9e751f3f0e9384922 Mon Sep 17 00:00:00 2001
From: Katz Yamada
Date: Sun, 3 Nov 2019 11:45:02 +0200
Subject: [PATCH] msm8976-common: gps: Fix for buffer overrun crash at copying nmea string

Add zero clearing of allocated nmea buffer to ensure the nmea string is null terminated.

Change-Id: I78e8b03bc7d0f9b69e1a51356da379a57a647cad
CRs-Fixed: 2041933
---
 gps/loc_api/libloc_api_50001/loc_eng.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gps/loc_api/libloc_api_50001/loc_eng.cpp b/gps/loc_api/libloc_api_50001/loc_eng.cpp
index 1d83ccb..d37aa8d 100644
--- a/gps/loc_api/libloc_api_50001/loc_eng.cpp
+++ b/gps/loc_api/libloc_api_50001/loc_eng.cpp
@@ -923,9 +923,9 @@ inline void LocEngReportStatus::log() const {
 // case LOC_ENG_MSG_REPORT_NMEA:
 LocEngReportNmea::LocEngReportNmea(void* locEng, const char* data, int len) :
- LocMsg(), mLocEng(locEng), mNmea(new char[len]), mLen(len)
+ LocMsg(), mLocEng(locEng), mNmea(new char[len+1]), mLen(len)
 {
- memcpy((void*)mNmea, (void*)data, len);
+ strlcpy(mNmea, data, len+1);
 locallog();
 }
 void LocEngReportNmea::proc() const {
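Review bot: `strlcpy(mNmea, data, len+1)` in the constructor body still walks `data` until it finds a NUL, because strlcpy returns the full source length; a sentence that is not terminated within `len` bytes is therefore over-read here instead of at the consumer. It also stops at the first NUL and leaves the rest of the `new char[len+1]` allocation uninitialized while `mLen` stays `len`, and nothing in the hunk zero-clears the buffer as the commit message describes. A bounded copy with explicit termination avoids both, since it reads exactly `len` bytes and initializes the whole buffer: `memcpy(mNmea, data, len); mNmea[len] = '\0';`. `len` is a signed `int` that is not checked in the visible lines, so a negative value or `INT_MAX` would reach `new char[len+1]`; whether a guard is needed depends on the callers, which are outside the hunk.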