aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTao Bao2017-09-07 15:38:51 -0500
committerTao Bao2017-09-08 12:50:07 -0500
commite15d7a5104978cd8399501636aec0df9c1a4823c (patch)
tree7687f86225f3725f505c6ee1d3f59e21d041c40b /wear_ui.cpp
parent8c753f62538b2008e726c66def9bf47aeed7afe1 (diff)
downloadplatform-bootable-recovery-e15d7a5104978cd8399501636aec0df9c1a4823c.tar.gz
platform-bootable-recovery-e15d7a5104978cd8399501636aec0df9c1a4823c.tar.xz
platform-bootable-recovery-e15d7a5104978cd8399501636aec0df9c1a4823c.zip
ui: Manage menu_ with std::vector.
Prior to this CL, menu_ is allocated with a fixed length of text_rows_. However, because we support scrollable menu in wear_ui, there might be more menu entries than text_rows_, which would lead to out-of-bounds array access. This CL addresses the issue by switching to std::vector. Bug: 65416558 Test: Run 'View recovery logs' on angler. Test: Set large margin height that leaves text_rows less than 21. Then run 'View recovery logs' with 21 menu entries. Change-Id: I5d4e3a0a097039e1104eda7d494c6269053dc894
Diffstat (limited to 'wear_ui.cpp')
-rw-r--r--wear_ui.cpp13
1 files changed, 6 insertions, 7 deletions
diff --git a/wear_ui.cpp b/wear_ui.cpp
index 670050a0..edc39cfb 100644
--- a/wear_ui.cpp
+++ b/wear_ui.cpp
@@ -127,11 +127,11 @@ void WearRecoveryUI::draw_screen_locked() {
127 // white text of selected item 127 // white text of selected item
128 SetColor(MENU_SEL_FG); 128 SetColor(MENU_SEL_FG);
129 if (menu_[i][0]) { 129 if (menu_[i][0]) {
130 gr_text(gr_sys_font(), x + 4, y, menu_[i], 1); 130 gr_text(gr_sys_font(), x + 4, y, menu_[i].c_str(), 1);
131 } 131 }
132 SetColor(MENU); 132 SetColor(MENU);
133 } else if (menu_[i][0]) { 133 } else if (menu_[i][0]) {
134 gr_text(gr_sys_font(), x + 4, y, menu_[i], 0); 134 gr_text(gr_sys_font(), x + 4, y, menu_[i].c_str(), 0);
135 } 135 }
136 y += char_height_ + 4; 136 y += char_height_ + 4;
137 } 137 }
@@ -199,17 +199,16 @@ void WearRecoveryUI::StartMenu(const char* const* headers, const char* const* it
199 pthread_mutex_lock(&updateMutex); 199 pthread_mutex_lock(&updateMutex);
200 if (text_rows_ > 0 && text_cols_ > 0) { 200 if (text_rows_ > 0 && text_cols_ > 0) {
201 menu_headers_ = headers; 201 menu_headers_ = headers;
202 size_t i = 0; 202 menu_.clear();
203 // "i < text_rows_" is removed from the loop termination condition, 203 // "i < text_rows_" is removed from the loop termination condition,
204 // which is different from the one in ScreenRecoveryUI::StartMenu(). 204 // which is different from the one in ScreenRecoveryUI::StartMenu().
205 // Because WearRecoveryUI supports scrollable menu, it's fine to have 205 // Because WearRecoveryUI supports scrollable menu, it's fine to have
206 // more entries than text_rows_. The menu may be truncated otherwise. 206 // more entries than text_rows_. The menu may be truncated otherwise.
207 // Bug: 23752519 207 // Bug: 23752519
208 for (; items[i] != nullptr; i++) { 208 for (size_t i = 0; items[i] != nullptr; i++) {
209 strncpy(menu_[i], items[i], text_cols_ - 1); 209 menu_.emplace_back(std::string(items[i], strnlen(items[i], text_cols_ - 1)));
210 menu_[i][text_cols_ - 1] = '\0';
211 } 210 }
212 menu_items = i; 211 menu_items = static_cast<int>(menu_.size());
213 show_menu = true; 212 show_menu = true;
214 menu_sel = initial_selection; 213 menu_sel = initial_selection;
215 menu_start = 0; 214 menu_start = 0;