The current code incorrectly accesses buffer[strlen(buffer)],
which points to the null terminator ('\0') at the end of the
string. This is technically out-of-bounds access since valid
string content ends at index strlen(buffer)-1.

Fix by:
1. Storing strlen() result to avoid redundant calls
2. Adding bounds check (len > 0) to handle empty strings
3. Using buffer[len-1] to correctly access the last character
before the null terminator

Signed-off-by: Kaushlendra Kumar <kaushlendra.kumar@intel.com>
---
 tools/mm/slabinfo.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tools/mm/slabinfo.c b/tools/mm/slabinfo.c
index 1433eff99feb..ac0cc6c1c87e 100644
--- a/tools/mm/slabinfo.c
+++ b/tools/mm/slabinfo.c
@@ -165,8 +165,10 @@ static unsigned long read_obj(const char *name)
 		if (!fgets(buffer, sizeof(buffer), f))
 			buffer[0] = 0;
 		fclose(f);
-		if (buffer[strlen(buffer)] == '\n')
-			buffer[strlen(buffer)] = 0;
+		size_t len = strlen(buffer);
+
+		if (len > 0 && buffer[len - 1] == '\n')
+			buffer[len - 1] = 0;
 	}
 	return strlen(buffer);
 }
-- 
2.34.1