From d56cb66f346219afafb981052dc34fb081bbdfea Mon Sep 17 00:00:00 2001
From: Tomke Pfoch <pfoch.tomke@gmail.com>
Date: Wed, 6 Sep 2023 01:18:30 +0000
Subject: [PATCH] buffer size upper bound

---
 terminal.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/terminal.c b/terminal.c
index a977461d..a08d85b8 100644
--- a/terminal.c
+++ b/terminal.c
@@ -3303,10 +3303,11 @@ term_spawn_new(const struct terminal *term)
      * by reading the cwd symbolic link in /proc/<SlavePID>/cwd
      */
 
-    char cwd_link[PATH_MAX];
+    /* cwd_link len 10 + floor(log10(2^32))+"-"+"\0" = 10 + 10 + 2 = 22 */
+    char cwd_link[22];
     char cwd[PATH_MAX];
 
-    snprintf(cwd_link, PATH_MAX, "/proc/%d/cwd", term->slave);
+    snprintf(cwd_link, sizeof(cwd_link), "/proc/%d/cwd", term->slave);
     readlink(cwd_link, cwd, PATH_MAX);
 
     return spawn(