Merge "Fixed a buffer overflow issue" into jb-dev
diff --git a/media/jni/mediaeditor/VideoEditorMain.cpp b/media/jni/mediaeditor/VideoEditorMain.cpp
index b0c1c35..41ec120 100755
--- a/media/jni/mediaeditor/VideoEditorMain.cpp
+++ b/media/jni/mediaeditor/VideoEditorMain.cpp
@@ -2623,16 +2623,21 @@
             M4OSA_Char* tmpString =
                 (M4OSA_Char *)videoEditJava_getString(&initialized, pEnv, tempPath,
                 NULL, M4OSA_NULL);
+            M4OSA_UInt32 length = strlen((const char *)tmpString);
+            // Malloc additional 2 bytes for beginning and tail separator.
+            M4OSA_UInt32 pathLength = length + 2;
+
             pContext->initParams.pTempPath = (M4OSA_Char *)
-                 M4OSA_32bitAlignedMalloc(strlen((const char *)tmpString) + 1, 0x0,
-                                                 (M4OSA_Char *)"tempPath");
+                 M4OSA_32bitAlignedMalloc(pathLength, 0x0, (M4OSA_Char *)"tempPath");
+
             //initialize the first char. so that strcat works.
             M4OSA_Char *ptmpChar = (M4OSA_Char*)pContext->initParams.pTempPath;
             ptmpChar[0] = 0x00;
             strncat((char *)pContext->initParams.pTempPath, (const char *)tmpString,
-                (size_t)strlen((const char *)tmpString));
+                length);
             strncat((char *)pContext->initParams.pTempPath, (const char *)"/", (size_t)1);
             free(tmpString);
+            tmpString = NULL;
             pContext->mIsUpdateOverlay = false;
             pContext->mOverlayFileName = NULL;
             pContext->decoders = NULL;