Skip to content

Fix UUID generation to guarantee full buffer fill using rand.Read #3249

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Fix UUID generation to guarantee full buffer fill using rand.Read #3249

wants to merge 2 commits into from
+1 −1

Conversation

Copy link
Contributor

Copilot AI commented Oct 8, 2025
edited
Loading

Problem

The UUID generation code in common/uuid.go was using rand.Reader.Read() to fill the UUID buffer with random bytes. However, io.Reader.Read() does not guarantee that the entire buffer will be filled - it can return a short read without an error, potentially leaving parts of the UUID buffer uninitialized.

Solution

This PR replaces rand.Reader.Read(uuid) with rand.Read(uuid) in the NewUUID() function.

According to the Go documentation, rand.Read():

  • Calls io.ReadFull() on rand.Reader internally
  • Guarantees to fill the entire buffer completely
  • Never returns an error (it panics on failure instead)
  • Is the recommended way to get cryptographically secure random bytes

This matches our existing error handling behavior and ensures the UUID buffer is always completely filled with random data.

Changes

File: common/uuid.go

  • Line 29: Changed from _, err := rand.Reader.Read(uuid) to _, err := rand.Read(uuid)

Testing

  • ✅ All existing UUID tests pass (TestGUIDGenerationAndParsing)
  • ✅ Common package tests verified
  • ✅ Manually verified UUID generation produces valid, properly formatted UUIDs
  • ✅ No other code in the repository affected by this change

Fixes the issue raised in #[issue_number] regarding rand.Reader.Read vs rand.Read.

Original prompt

This section details on the original issue you should resolve

<issue_title>rand.Reader.Read vs rand.Read</issue_title>
<issue_description>Looking at the code in uuid.go (

azure-storage-azcopy/common/uuid.go

Line 29 in ec6313b

_, err := rand.Reader.Read(uuid)
):

I think it would be better to use something like:

_, err := io.ReadFull(rand.Reader, uuid)

or

_, err := rand.Read(uuid)

To guarantee filling the buffer (or returns a non-nil error)</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes #3248

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@wonwuakpa-msft
Fix UUID generation to guarantee full buffer fill
6542e30 
Replace rand.Reader.Read() with rand.Read() to ensure the entire
UUID buffer is filled. The rand.Read() function guarantees to fill
the buffer completely or panic, which matches our existing error
handling behavior.

Fixes issue with rand.Reader.Read vs rand.Read

Co-authored-by: wonwuakpa-msft <177143969+wonwuakpa-msft@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix random number generation in UUID implementation Fix UUID generation to guarantee full buffer fill using rand.Read Oct 8, 2025
Copilot AI requested a review from wonwuakpa-msft October 8, 2025 16:25
Copilot finished work on behalf of wonwuakpa-msft October 8, 2025 16:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wonwuakpa-msft wonwuakpa-msft Awaiting requested review from wonwuakpa-msft wonwuakpa-msft is a code owner

@gapra-msft gapra-msft Awaiting requested review from gapra-msft gapra-msft will be requested when the pull request is marked ready for review gapra-msft is a code owner

@adreed-msft adreed-msft Awaiting requested review from adreed-msft adreed-msft will be requested when the pull request is marked ready for review adreed-msft is a code owner

@dphulkar-msft dphulkar-msft Awaiting requested review from dphulkar-msft dphulkar-msft will be requested when the pull request is marked ready for review dphulkar-msft is a code owner

@vibhansa-msft vibhansa-msft Awaiting requested review from vibhansa-msft vibhansa-msft will be requested when the pull request is marked ready for review vibhansa-msft is a code owner

@seanmcc-msft seanmcc-msft Awaiting requested review from seanmcc-msft seanmcc-msft will be requested when the pull request is marked ready for review seanmcc-msft is a code owner

@souravgupta-msft souravgupta-msft Awaiting requested review from souravgupta-msft souravgupta-msft will be requested when the pull request is marked ready for review souravgupta-msft is a code owner

@tanyasethi-msft tanyasethi-msft Awaiting requested review from tanyasethi-msft tanyasethi-msft will be requested when the pull request is marked ready for review tanyasethi-msft is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

@wonwuakpa-msft wonwuakpa-msft

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

rand.Reader.Read vs rand.Read

2 participants

@wonwuakpa-msft