When printing the hexdump output, the hex_dump() function prints 5 visible chars at a time, but since it's using sprintf, it will also print a '\0'. Since its output strings are sized to be 5*number_of_chars, this means we will overflow the output string by one character on the last iteration. This commit ensures the output strings are properly sized to avoid this. Signed-off-by: Christophe Fergeau <cfergeau@xxxxxxxxxx> --- src/common.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/common.c b/src/common.c index 0e90b0e..b3cd981 100644 --- a/src/common.c +++ b/src/common.c @@ -49,11 +49,16 @@ lebytes2ushort(const unsigned char *buf) } #define MAX_STATIC_BYTES 1024 -static char hexdump_buffer[5*MAX_STATIC_BYTES]; +static char hexdump_buffer[5*MAX_STATIC_BYTES + 1]; /* * Creates printable representation in hexadecimal format of the data * provided in the buf buffer. A static buffer will be used, which * can hold up to 1024 bytes (longer will get truncated). + * + * The dumping loop will print 5 visible characters at a time, but since it's + * using sprintf, we also need to account for the '\0' it appends to the end of + * the string on the last iteration, or we'll overflow the buffer we are + * printing to. */ char * hex_dump(const unsigned char *buf, size_t buflen) -- 2.17.1
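
Review bot: the `+ 1` at the `hexdump_buffer` declaration only holds as long as the dumping loop in hex_dump() never formats more than MAX_STATIC_BYTES entries, and per the added comment the write itself is still an unbounded sprintf. Consider switching the loop to snprintf with the remaining space derived from sizeof(hexdump_buffer), so the limit is enforced where the write happens instead of by keeping the array size and the truncation logic in sync by hand. The explanatory comment would also be easier to find next to the declaration it justifies than in the hex_dump() doc comment. The commit message speaks of "output strings" while only this one buffer is resized, so it is worth confirming that no other buffer sized as 5*n is filled the same way.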