From 0d91e34472d9f2a5d51d4e177e847b71c1b6c8dd Mon Sep 17 00:00:00 2001
From: jmestwa-coder <jmestwa@gmail.com>
Date: Tue, 9 Jun 2026 10:28:34 +0530
Subject: [PATCH] logger: fix off-by-one sscanf width in
 filter_parse_component_name

filter_parse_component_name() builds the sscanf format string with
field width UUID_NAME_MAX_LEN, but a %N[...] conversion writes up to
N characters plus a NUL terminator. comp_name is only
UUID_NAME_MAX_LEN bytes, so a component name of exactly that length
overflows the stack buffer by one byte.

Cap the scan width at UUID_NAME_MAX_LEN - 1 so the terminator always
fits in comp_name.

Signed-off-by: jmestwa-coder <jmestwa@gmail.com>
---
 tools/logger/filter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/logger/filter.c b/tools/logger/filter.c
index 0943f68d16b2..7a3d53c37246 100644
--- a/tools/logger/filter.c
+++ b/tools/logger/filter.c
@@ -104,7 +104,7 @@ static char *filter_parse_component_name(char *input_str, struct filter_element
 	 */
 	if (strlen(scan_format_string) == 0) {
 		ret = snprintf(scan_format_string, sizeof(scan_format_string),
-				"%%%d[^0-9* ]s", UUID_NAME_MAX_LEN);
+				"%%%d[^0-9* ]s", UUID_NAME_MAX_LEN - 1);
 		if (ret <= 0)
 			return NULL;
 	}