  Branch: refs/heads/989676
  Home:   https://github.com/bluez/bluez
  Commit: 367a0b69567e55c594de81ac566d58272bd68170
      https://github.com/bluez/bluez/commit/367a0b69567e55c594de81ac566d58272bd68170
  Author: Oliver Chang <ochang@xxxxxxxxxx>
  Date:   2025-08-10 (Sun, 10 Aug 2025)

  Changed paths:
    M src/sdp-xml.c

  Log Message:
  -----------
  Fix buffer overflow in sdp_xml_parse_uuid128

This was found by OSS-Fuzz.

This can be reproduced by running this input:
`<uuid value="111111111111111111111111111111111111">` against the harness in
https://github.com/google/oss-fuzz/blob/master/projects/bluez/fuzz_xml.c
which just calls `sdp_xml_parse_record`.

`sdp_xml_parse_uuid` checks that the length of the string is 36 (32
digits + 4 '-' characters) prior to calling `sdp_xml_parse_uuid128`.

There's no check preventing this data from being 36 digits (with no
"-"), which leads to a buffer overflow in sdp_xml_parse_uuid128.

https://issues.oss-fuzz.com/issues/42534847
https://oss-fuzz.com/testcase-detail/5070205940531200
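
Added example, not part of the commit and not BlueZ code: one way to parse a 36-character UUID string so that a length check alone is never what bounds the output. The names `parse_uuid128_strict` and `hex_nibble` are hypothetical; the parser enforces the 8-4-4-4-12 layout and caps the write index at 16 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define UUID128_BYTES   16
#define UUID128_STRLEN  36   /* 32 hex digits + 4 '-' characters */

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_nibble(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	if (c >= 'A' && c <= 'F') return c - 'A' + 10;
	return -1;
}

/*
 * Hypothetical helper (assumption, not a BlueZ function).
 * Returns 0 and fills out[16] on success, -1 on malformed input.
 * out is left untouched on failure.
 */
int parse_uuid128_strict(const char *s, uint8_t out[UUID128_BYTES])
{
	uint8_t tmp[UUID128_BYTES];
	size_t i = 0, j = 0;

	if (s == NULL || strlen(s) != UUID128_STRLEN)
		return -1;

	while (i < UUID128_STRLEN) {
		int hi, lo;

		/* A dash is required at exactly these four offsets. */
		if (i == 8 || i == 13 || i == 18 || i == 23) {
			if (s[i] != '-')
				return -1;
			i++;
			continue;
		}
		hi = hex_nibble(s[i]);
		lo = hex_nibble(s[i + 1]);   /* s[36] is the NUL, so this read is in bounds */
		if (hi < 0 || lo < 0 || j >= UUID128_BYTES)
			return -1;
		tmp[j++] = (uint8_t)((hi << 4) | lo);
		i += 2;
	}
	memcpy(out, tmp, sizeof(tmp));
	return 0;
}
```

The 36-digit input quoted in the log message passes the length test but is rejected at offset 8, before any byte beyond the sixteenth could be produced.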