tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

lmkd: Protect against buffer overflow

Browse source 
We're passing a 'line' whose backing buffer is PAGE_MAX in size
into memory_stat_parse_line().  We protect overflowing the smaller
LINE_MAX 'key' buffer via some C preprocessing macros to assure
we limit the size.

Test: Local build with LMKD_LOG_STATS set for this file.
Bug: 76220622
Merged-In: I9e50d4270f7099e37a9bfc7fb9b9b95cc7adb086
Change-Id: I9e50d4270f7099e37a9bfc7fb9b9b95cc7adb086
This commit is contained in:
Greg Kaiser 2018-03-23 14:16:12 -07:00
parent 677bed578e
commit d6d847142b
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
lmkd/lmkd.c
View file

@ -75,6 +75,9 @@
#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
#define EIGHT_MEGA (1 << 23)
#define STRINGIFY(x) STRINGIFY_INTERNAL(x)
#define STRINGIFY_INTERNAL(x) #x
/* default to old in-kernel interface if no memory pressure events */
static int use_inkernel_interface = 1;
static bool has_inkernel_module;
@ -555,10 +558,10 @@ static void ctrl_connect_handler(int data __unused, uint32_t events __unused) {
#ifdef LMKD_LOG_STATS
static void memory_stat_parse_line(char *line, struct memory_stat *mem_st) {
char key[LINE_MAX];
char key[LINE_MAX + 1];
int64_t value;
sscanf(line,"%s %" SCNd64 "", key, &value);
sscanf(line, "%" STRINGIFY(LINE_MAX) "s %" SCNd64 "", key, &value);
if (strcmp(key, "total_") < 0) {
return;