bugfix: stack-buffer-overflow (#19584)

e92bf839 · freemine · GitHub · e11d57d5 · e92bf839
显示空白变更内容
内联并排

Showing with 5 addition and 1 deletion

source/os/src/osSysinfo.c source/os/src/osSysinfo.c +5 -1

未找到文件。
--- a/source/os/src/osSysinfo.c
+++ b/source/os/src/osSysinfo.c
@@ -834,7 +834,11 @@ int32_t taosGetSystemUUID(char *uid, int32_t uidlen) {
  uuid_generate(uuid);
  // it's caller's responsibility to make enough space for `uid`, that's 36-char + 1-null
  uuid_unparse_lower(uuid, buf);
-  memcpy(uid, buf, uidlen);
+  int n = snprintf(uid, uidlen, "%.*s", (int)sizeof(buf), buf);  // though less performance, much safer
+  if (n >= uidlen) {
+    // target buffer is too small
+    return -1;
+  }
  return 0;
 #else
  int len = 0;