authorTao Bao2017-09-07 15:38:51 -0500
committerTao Bao2017-09-08 12:50:07 -0500
commite15d7a5104978cd8399501636aec0df9c1a4823c (patch)
tree7687f86225f3725f505c6ee1d3f59e21d041c40b /screen_ui.cpp
parent8c753f62538b2008e726c66def9bf47aeed7afe1 (diff)
ui: Manage menu_ with std::vector.
Prior to this CL, menu_ is allocated with a fixed length of text_rows_. However, because we support scrollable menu in wear_ui, there might be more menu entries than text_rows_, which would lead to out-of-bounds array access. This CL addresses the issue by switching to std::vector. Bug: 65416558 Test: Run 'View recovery logs' on angler. Test: Set large margin height that leaves text_rows less than 21. Then run 'View recovery logs' with 21 menu entries. Change-Id: I5d4e3a0a097039e1104eda7d494c6269053dc894
Diffstat (limited to 'screen_ui.cpp')
-rw-r--r--screen_ui.cpp16
1 files changed, 7 insertions, 9 deletions
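--- a/screen_ui.cpp
+++ b/screen_ui.cpp
@@ -69,7 +69,7 @@ ScreenRecoveryUI::ScreenRecoveryUI()
 text_top_(0),
 show_text(false),
 show_text_ever(false),
-menu_(nullptr),
+menu_headers_(nullptr),
 show_menu(false),
 menu_items(0),
 menu_sel(0),
@@ -356,10 +356,10 @@ void ScreenRecoveryUI::draw_screen_locked() {
 DrawHighlightBar(0, y - 2, gr_fb_width(), char_height_ + 4);
 // Bold white text for the selected item.
 SetColor(MENU_SEL_FG);
-y += DrawTextLine(x, y, menu_[i], true);
+y += DrawTextLine(x, y, menu_[i].c_str(), true);
 SetColor(MENU);
 } else {
-y += DrawTextLine(x, y, menu_[i], false);
+y += DrawTextLine(x, y, menu_[i].c_str(), false);
 }
 }
 y += DrawHorizontalRule(y);
@@ -508,7 +508,6 @@ bool ScreenRecoveryUI::Init(const std::string& locale) {
 
 text_ = Alloc2d(text_rows_, text_cols_ + 1);
 file_viewer_text_ = Alloc2d(text_rows_, text_cols_ + 1);
-menu_ = Alloc2d(text_rows_, text_cols_ + 1);
 
 text_col_ = text_row_ = 0;
 text_top_ = 1;
@@ -771,12 +770,11 @@ void ScreenRecoveryUI::StartMenu(const char* const* headers, const char* const*
 pthread_mutex_lock(&updateMutex);
 if (text_rows_ > 0 && text_cols_ > 0) {
 menu_headers_ = headers;
-size_t i = 0;
-for (; i < text_rows_ && items[i] != nullptr; ++i) {
-strncpy(menu_[i], items[i], text_cols_ - 1);
-menu_[i][text_cols_ - 1] = '\0';
+menu_.clear();
+for (size_t i = 0; i < text_rows_ && items[i] != nullptr; ++i) {
+menu_.emplace_back(std::string(items[i], strnlen(items[i], text_cols_ - 1)));
 }
-menu_items = i;
+menu_items = static_cast<int>(menu_.size());
 show_menu = true;
 menu_sel = initial_selection;
 update_screen_locked();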
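Review bot: The indexing in draw_screen_locked (`menu_[i].c_str()`) is still unchecked after the switch to std::vector, and the loop bound lies outside the hunk. If that bound is still `menu_items`, the out-of-bounds read named in the description can recur whenever a subclass such as wear_ui sets `menu_items` without filling `menu_` to match. Consider taking the bound from the container, e.g. `for (size_t i = 0; i < menu_.size(); ++i)`, or dropping the separate `menu_items` counter so the two cannot disagree. In StartMenu the loop still stops at `text_rows_`, so extra entries are silently dropped there; a comment such as `// screen_ui shows at most text_rows_ entries; scrollable UIs override StartMenu` would record whether that is intended. Both function bodies continue outside the hunks shown.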