commit | ba9026c71606b75066fb47ed506caa58fc70c44f | [log] [tgz] |
---|---|---|
author | Jonathan Rockway <jrockway@google.com> | Wed Jan 20 15:03:07 2016 -0500 |
committer | Jonathan Rockway <jrockway@google.com> | Wed Feb 24 02:07:44 2016 -0500 |
tree | 14aed9fa334aaeb64149700907e594ad87e3adb5 | |
parent | aca2974054e940a5b09cc7b9658cb3732cbd25f4 [diff] |
Fix a memory overflow in lib/uuid.c:is_base_uuid128. According to the man page, scanf's %[] operator writes to the provided character buffer the number of characters in the capture (1 in this case), as well as a terminating NUL byte. asan agrees that we were trying to write two bytes into one byte of storage. This change makes the temporary buffer large enough to accommodate the NUL.