From c4aaf8e9d3763985bad2025dc88cd80e6b26af80 Mon Sep 17 00:00:00 2001
From: Robin Krahl <me@robin-krahl.de>
Date: Sun, 11 Feb 2018 20:11:22 +0100
Subject: Null-terminate string before calling strtoul

hex_string_to_byte in misc.cc calls strtoul with a non-null-terminated
string, causing a buffer over-read.  This patch extends the buffer to
always include a null character in the end.

Fixes issue #95.
---
 misc.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/misc.cc b/misc.cc
index 7a54a94..eaaad50 100644
--- a/misc.cc
+++ b/misc.cc
@@ -43,7 +43,8 @@ namespace misc {
     auto data = ::std::vector<uint8_t>();
     data.reserve(d_size);
 
-    char buf[2];
+    char buf[3];
+    buf[2] = '\0';
     for(size_t i=0; i<s_size; i++){
 
         char c = hexString[i];
-- 
cgit v1.2.3