From 99ddb79d9af777d20b4b138f918249a473cbf710 Mon Sep 17 00:00:00 2001
From: Michael Jeanson
Date: Mon, 27 Feb 2023 17:35:30 -0500
Subject: [PATCH] fix: 1 byte overflow in UuidView
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The string() method of UuidView allocates a buffer of BT_UUID_STR_LEN bytes and then calls bt_uuid_to_str() that prints a C string of BT_UUID_STR_LEN + 1 bytes (including the terminating null byte ('\0')) which results in a 1 byte overflow. Directly use an std::string instead of a char array, resize it to BT_UUID_STR_LEN which implicitly adds the terminating null byte and then use the data method to write to the underlying C string.

Change-Id: Ifa6f0322c219e28dec78b8680763b3126a1e513a
Signed-off-by: Michael Jeanson
Reviewed-on: https://review.lttng.org/c/babeltrace/+/9594
Tested-by: jenkins
Reviewed-by: Jérémie Galarneau
---
 src/cpp-common/uuid-view.hpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/cpp-common/uuid-view.hpp b/src/cpp-common/uuid-view.hpp
index 78116642..31b641e6 100644
--- a/src/cpp-common/uuid-view.hpp
+++ b/src/cpp-common/uuid-view.hpp
@@ -37,10 +37,12 @@ public:

 std::string string() const
 {
- std::array buf;
+ std::string s;

- bt_uuid_to_str(_mUuid, buf.data());
- return {buf.data(), buf.size()};
+ s.resize(BT_UUID_STR_LEN);
+ bt_uuid_to_str(_mUuid, s.data());
+
+ return s;
 }

 static std::size_t size() noexcept
--
2.34.1
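Review bot: The new body of string() is only safe under two contracts that the code does not state. First, `bt_uuid_to_str()` must write exactly `BT_UUID_STR_LEN` characters plus one `'\0'`; it takes no buffer size, so it cannot check this itself. Second, that `'\0'` must land on the string's own terminator slot at `s.data()[s.size()]`. A comment above the call would keep a later edit from reintroducing the off-by-one, for example `/* bt_uuid_to_str() writes BT_UUID_STR_LEN chars + '\0'; the '\0' overwrites s's own terminator */`. Separately, the non-const `std::string::data()` overload exists only from C++17, so if this header is also built as C++11/14 (not visible from the hunk), `&s[0]` is the portable spelling.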