From aaea8547d6df203ed2cb300eb3573129058d23db Mon Sep 17 00:00:00 2001
From: Visal Vijay <150381094+B2krobbery@users.noreply.github.com>
Date: Sun, 22 Mar 2026 05:09:58 +0530
Subject: [PATCH] xwayland: prevent potential buffer overflow in socket path
 handling (#13797)

---
 src/xwayland/Server.cpp | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/xwayland/Server.cpp b/src/xwayland/Server.cpp
index 1ece7454c..9d40e1c9f 100644
--- a/src/xwayland/Server.cpp
+++ b/src/xwayland/Server.cpp
@@ -138,24 +138,29 @@ static bool openSockets(std::array<CFileDescriptor, 2>& sockets, int display) {
 
 #ifdef __linux__
     if (*CREATEABSTRACTSOCKET) {
-        // cursed...
-        // but is kept as an option for better compatibility
-        addr.sun_path[0] = 0;
+        addr.sun_path[0] = '\0';
         path             = getSocketPath(display, true);
-        strncpy(addr.sun_path + 1, path.c_str(), path.length() + 1);
+
+        strncpy(addr.sun_path + 1, path.c_str(), sizeof(addr.sun_path) - 2);
     } else {
         path = getSocketPath(display, false);
-        strncpy(addr.sun_path, path.c_str(), path.length() + 1);
+
+        strncpy(addr.sun_path, path.c_str(), sizeof(addr.sun_path) - 1);
+        addr.sun_path[sizeof(addr.sun_path) - 1] = '\0';
     }
 #else
     if (*CREATEABSTRACTSOCKET) {
         Log::logger->log(Log::WARN, "The abstract XWayland Unix domain socket might be used only on Linux systems. A regular one'll be created instead.");
     }
+
     path = getSocketPath(display, false);
-    strncpy(addr.sun_path, path.c_str(), path.length() + 1);
+
+    strncpy(addr.sun_path, path.c_str(), sizeof(addr.sun_path) - 1);
+    addr.sun_path[sizeof(addr.sun_path) - 1] = '\0';
 #endif
 
     sockets[0] = CFileDescriptor{createSocket(&addr, path.length())};
+
     if (!sockets[0].isValid())
         return false;