tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

logd: identical check access message data out of range

Browse source 
(cherry pick from commit 22712428b8)

Discovered while running AddressSanitizer, binary events were fed
into logd that were smaller than the binary event string header.
Fix is to check the buffer sizes before performing the memcmp
operation.

Test: compile
Bug: 74574189
Change-Id: Ic01ef6fb0725258d9f39bbdca582ed648a1adc5d
This commit is contained in:
Mark Salyzyn 2018-03-13 11:06:38 -07:00
parent 84379567d3
commit fec2e2c783
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
logd/LogBuffer.cpp
View file

@ -171,7 +171,9 @@ static enum match_type identical(LogBufferElement* elem,
}
// audit message (except sequence number) identical?
if (last->isBinary()) {
if (last->isBinary() &&
(lenl > static_cast<ssize_t>(sizeof(android_log_event_string_t))) &&
(lenr > static_cast<ssize_t>(sizeof(android_log_event_string_t)))) {
if (fastcmp<memcmp>(msgl, msgr, sizeof(android_log_event_string_t) -
sizeof(int32_t))) {
return DIFFERENT;