Fix buffer overrun in adb wait-for-device. Bug: http://b/27444063 (cherry picked from commit 34e560b9a1e44dcfa0c220c9499bbb833a95a2b4) Change-Id: Ic71cb2070f509d76fb4208dbab6711c5dd5e1f62

commit: af3d3b6cd61fc3840a74a0d1b9595cb208ba223c [log] [tgz]
author: Elliott Hughes <enh@google.com> Wed Mar 09 19:28:03 2016 -0800
committer: Elliott Hughes <enh@google.com> Fri Mar 11 08:55:01 2016 -0800
tree: b71395944306de3fae4b8cc9a0f0e9e485436b9e
parent: f236474048ca5522d18aaa7676640a02b3daaf4d [diff]
diff --git a/adb/commandline.cpp b/adb/commandline.cpp
index e522119..5aa878b 100644
--- a/adb/commandline.cpp
+++ b/adb/commandline.cpp

@@ -1029,8 +1029,8 @@
     // TODO: when we have libc++ for Windows, use a regular expression instead.
     // wait-for-((any|local|usb)-)?(bootloader|device|recovery|sideload)
 
-    char type[20];
-    char state[20];
+    char type[20 + 1]; // sscanf's %20[...] doesn't include the NUL.
+    char state[20 + 1];
     int length = 0;
     if (sscanf(service, "wait-for-%20[a-z]-%20[a-z]%n", type, state, &length) < 2 ||
         length != static_cast<int>(strlen(service))) {
commit	af3d3b6cd61fc3840a74a0d1b9595cb208ba223c	[log] [tgz]
author	Elliott Hughes <enh@google.com>	Wed Mar 09 19:28:03 2016 -0800
committer	Elliott Hughes <enh@google.com>	Fri Mar 11 08:55:01 2016 -0800
tree	b71395944306de3fae4b8cc9a0f0e9e485436b9e
parent	f236474048ca5522d18aaa7676640a02b3daaf4d [diff]