From d3de08179e94241f05425a1fdb3f66b989ca436a Mon Sep 17 00:00:00 2001
From: Jenrry You <jenrryyou@gmail.com>
Date: Thu, 18 May 2023 10:05:31 +0800
Subject: [PATCH] Fix stack buffer overflow issue when calling copy_to_cstr
 (#2253)

---
 src/brpc/input_messenger.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/brpc/input_messenger.cpp b/src/brpc/input_messenger.cpp
index 699f080c0a..1234eef45b 100644
--- a/src/brpc/input_messenger.cpp
+++ b/src/brpc/input_messenger.cpp
@@ -101,7 +101,8 @@ ParseResult InputMessenger::CutInputMessage(
                 return result;
             } else {
                 if (m->_read_buf.size() >= 4) {
-                    char data[PROTO_DUMMY_LEN];
+                    // The length of `data' must be PROTO_DUMMY_LEN + 1 to store extra ending char '\0'
+                    char data[PROTO_DUMMY_LEN + 1];
                     m->_read_buf.copy_to_cstr(data, PROTO_DUMMY_LEN);
                     if (strncmp(data, "RDMA", PROTO_DUMMY_LEN) == 0 &&
                         m->_rdma_state == Socket::RDMA_OFF) {