lex: Fix parsing of long tokens.

When a token is longer than the built-in 256-byte buffer, a buffer is malloc()'d but it was not properly null-terminated. Found by afl-fuzz. Reported-by: Bhargava Shastry <[email protected]> Signed-off-by: Ben Pfaff <[email protected]> Reviewed-by: Greg Rose <[email protected]>
zzsoszz · Jan 8, 2018 · 7173efa · 7173efa
1 parent 8b54e31
commit 7173efa
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/ovn/lib/lex.c b/ovn/lib/lex.c
@@ -89,7 +89,7 @@ lex_token_strcpy(struct lex_token *token, const char *s, size_t length)
                 ? token->buffer
                 : xmalloc(length + 1));
     memcpy(token->s, s, length);
-    token->buffer[length] = '\0';
+    token->s[length] = '\0';
 }
 
 void