Do not write past end of inotify event structure.

Bug: 202159709 Test: None yet. Change-Id: If80ed957aaa93c03a97b57e818e7783fa6e38242 (cherry picked from commit ce87c78611)
2021-10-08 12:05:31 -07:00 · 2021-10-08 12:05:31 -07:00 · 187a6ec548
commit 187a6ec548
parent 2a4893e165
1 changed files with 5 additions and 3 deletions
--- a/minui/events.cpp
+++ b/minui/events.cpp
@ -29,7 +29,9 @@

 #include <functional>
 #include <memory>
+#include <string>

+#include <android-base/strings.h>
 #include <android-base/unique_fd.h>

 #include "minui/minui.h"
@ -118,12 +120,12 @@ static int inotify_cb(int fd, __unused uint32_t epevents) {
    }
    offset += sizeof(inotify_event) + pevent->len;

-    pevent->name[pevent->len] = '\0';
-    if (strncmp(pevent->name, "event", 5)) {
+    std::string event_name(pevent->name, pevent->len);
+    if (!android::base::StartsWith(event_name, "event")) {
      continue;
    }

-    android::base::unique_fd dfd(openat(dirfd(dir.get()), pevent->name, O_RDONLY));
+    android::base::unique_fd dfd(openat(dirfd(dir.get()), event_name.c_str(), O_RDONLY));
    if (dfd == -1) {
      break;
    }