Fix a memory overflow in lib/uuid.c:is_base_uuid128. According to the man page, scanf's %[] operator writes to the provided character buffer the number of characters in the capture (1 in this case), as well as a terminating NUL byte. asan agrees that we were trying to write two bytes into one byte of storage. This change makes the temporary buffer large enough to accommodate the NUL.

commit: ba9026c71606b75066fb47ed506caa58fc70c44f [log] [tgz]
author: Jonathan Rockway <jrockway@google.com> Wed Jan 20 15:03:07 2016 -0500
committer: Jonathan Rockway <jrockway@google.com> Wed Feb 24 02:07:44 2016 -0500
tree: 14aed9fa334aaeb64149700907e594ad87e3adb5
parent: aca2974054e940a5b09cc7b9658cb3732cbd25f4 [diff]
diff --git a/lib/uuid.c b/lib/uuid.c
index 20b67d0..ac071fa 100644
--- a/lib/uuid.c
+++ b/lib/uuid.c

@@ -183,14 +183,14 @@
 static inline int is_base_uuid128(const char *string)
 {
 	uint16_t uuid;
-	char dummy;
+	char dummy[2];
 
 	if (!is_uuid128(string))
 		return 0;
 
 	return sscanf(string,
 		"0000%04hx-0000-1000-8000-00805%1[fF]9%1[bB]34%1[fF]%1[bB]",
-		&uuid, &dummy, &dummy, &dummy, &dummy) == 5;
+		&uuid, dummy, dummy, dummy, dummy) == 5;
 }
 
 static inline int is_uuid32(const char *string)
commit	ba9026c71606b75066fb47ed506caa58fc70c44f	[log] [tgz]
author	Jonathan Rockway <jrockway@google.com>	Wed Jan 20 15:03:07 2016 -0500
committer	Jonathan Rockway <jrockway@google.com>	Wed Feb 24 02:07:44 2016 -0500
tree	14aed9fa334aaeb64149700907e594ad87e3adb5
parent	aca2974054e940a5b09cc7b9658cb3732cbd25f4 [diff]