Alexandre Julliard (@julliard) commented about server/sock.c:
+ if (*((struct WS_sockaddr_un *)&addr)->sun_path) + { + char *unix_path = (char *)(params + 1) + params->addr_len; + char unix_path_copy[PATH_MAX]; + send_len -= strlen( unix_path ) + 1; + strcpy(unix_path_copy, unix_path); + if (chdir( dirname( unix_path_copy ) ) == -1) + { + set_error( sock_get_ntstatus( errno ) ); + return; + } + + unix_len = sizeof(unix_addr.un); + unix_addr.un.sun_family = AF_UNIX; + memcpy( unix_addr.un.sun_path, basename( unix_path ), sizeof(unix_addr.un.sun_path) ); + } You can't assume that the path is null-terminated. In fact it shouldn't be, you should use an explicit length instead. Please also avoid using fixed-length buffers and dirname/basename.
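Review bot: The final memcpy() copies sizeof(unix_addr.un.sun_path) bytes from basename( unix_path ) no matter how long the basename is, so it reads past the end of the name in the request data and, for a name that fills the field, leaves sun_path without a terminator. Measure the component first, reject it if it does not fit in sun_path, then copy only that many bytes into a zeroed field. The strcpy() into unix_path_copy[PATH_MAX] has the same problem in the other direction: nothing bounds the source, which comes from the request (params + 1 + params->addr_len), so a long path overruns the stack buffer. Separately, chdir() changes the working directory of the whole server process, and nothing in the visible lines restores it on the success path or before the early return; either restore the previous directory once the address has been used, or add a comment saying where that happens.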
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/2786#note_46170