AHEX16 is short enough to work as a short string, but output_AHEX() was
treating it as a long string, which caused string data to be dereferenced
as a pointer.
CVE-2017-12958.
See also https://bugzilla.redhat.com/show_bug.cgi?id=
1482429.
See also http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12958.
See also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12958.
Found by team OWL337, using the collAFL fuzzer.