libblkid: fix buffer overflow scanning partition name

If "line" is carefully crafted, sscanf will write 1 byte over ptname.

Bug: 36103037
Change-Id: Ia19e032d7c65edc27373ebccc0a5569f0fa31161
From AOSP commit: 085e63d064620c763a62406a5ff4299bcee1838e

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/lib/blkid/devname.c b/lib/blkid/devname.c
index 671e781f0d981d85d28872b97bfdacd118662f87..444afdc9e69eada3b2e0930cb70b8bdc716dd82c 100644 (file)
--- a/lib/blkid/devname.c
+++ b/lib/blkid/devname.c
@@ -397,7 +397,7 @@ static int probe_all(blkid_cache cache, int only_if_new)
 {
        FILE *proc;
        char line[1024];
-       char ptname0[128], ptname1[128], *ptname = 0;
+       char ptname0[129], ptname1[129], *ptname = 0;
        char *ptnames[2];
        dev_t devs[2];
        int ma, mi;