From 3138fafbcd3f41854edb1038e26aaa3f9f958b75 Mon Sep 17 00:00:00 2001
From: Katz Yamada
Date: Sun, 7 May 2017 11:22:28 -0700
Subject: [PATCH] msm8974-common: gps: Fix for buffer overrun crash at copying nmea string

Add zero clearing of allocated nmea buffer to ensure the nmea string is null terminated.

Change-Id: Ie36010a7d3eca16dabb3067ae891a94e4b63b10c
CRs-Fixed: 2041933
---
 gps/loc_api/libloc_api_50001/loc_eng.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gps/loc_api/libloc_api_50001/loc_eng.cpp b/gps/loc_api/libloc_api_50001/loc_eng.cpp
index af97c51..0aa1c8b 100644
--- a/gps/loc_api/libloc_api_50001/loc_eng.cpp
+++ b/gps/loc_api/libloc_api_50001/loc_eng.cpp
@@ -891,9 +891,9 @@ inline void LocEngReportStatus::log() const {
 // case LOC_ENG_MSG_REPORT_NMEA:
 LocEngReportNmea::LocEngReportNmea(void* locEng, const char* data, int len) :
- LocMsg(), mLocEng(locEng), mNmea(new char[len]), mLen(len)
+ LocMsg(), mLocEng(locEng), mNmea(new char[len+1]), mLen(len)
 {
- memcpy((void*)mNmea, (void*)data, len);
+ strlcpy(mNmea, data, len+1);
 locallog();
 }
 void LocEngReportNmea::proc() const {
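Review bot: `strlcpy(mNmea, data, len+1)` in the constructor body still relies on `data` being NUL-terminated, because strlcpy scans the source to its terminator to compute its return value; if a caller passes exactly `len` unterminated bytes (callers are not visible here), the read runs past the end of `data`. It also stops at the first NUL, so when the string is shorter than `len` the rest of `mNmea` stays uninitialized (`new char[len+1]` does not zero, despite the "zero clearing" in the description) while `mLen` still reports `len`. A length-bounded copy with explicit termination covers both cases: `memcpy(mNmea, data, len); mNmea[len] = '\0';`. `len` is a signed `int` used unchecked in `len+1`, so a negative or maximal value should be rejected before the allocation, and a short comment stating that `mNmea` holds `mLen` bytes plus a terminator would document the invariant.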