diff options
author | Andy McFadden | 2010-03-02 13:14:39 -0600 |
---|---|---|
committer | Android Code Review | 2010-03-02 13:14:39 -0600 |
commit | fd7ebb367330ea3b999ca9c2a48431c437c05f67 (patch) | |
tree | 89f17ac4d6821cf549df1cb840bcbda864b09d16 | |
parent | d6391c6aaaa40c20761b7a2a8d4be115163e4194 (diff) | |
parent | b45b5c9f227473050ef785d11e518e947c8754fb (diff) | |
download | platform-system-core-fd7ebb367330ea3b999ca9c2a48431c437c05f67.tar.gz platform-system-core-fd7ebb367330ea3b999ca9c2a48431c437c05f67.tar.xz platform-system-core-fd7ebb367330ea3b999ca9c2a48431c437c05f67.zip |
Merge "Fix Heap Corruption from too long of a TAG"
-rw-r--r-- | liblog/logprint.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/liblog/logprint.c b/liblog/logprint.c index 080f9e364..acfa9f4c4 100644 --- a/liblog/logprint.c +++ b/liblog/logprint.c | |||
@@ -753,6 +753,16 @@ char *android_log_formatLogLine ( | |||
753 | suffixLen = 1; | 753 | suffixLen = 1; |
754 | break; | 754 | break; |
755 | } | 755 | } |
756 | /* snprintf has a weird return value. It returns what would have been | ||
757 | * written given a large enough buffer. In the case that the prefix is | ||
758 | * longer then our buffer(128), it messes up the calculations below | ||
759 | * possibly causing heap corruption. To avoid this we double check and | ||
760 | * set the length at the maximum (size minus null byte) | ||
761 | */ | ||
762 | if(prefixLen >= sizeof(prefixBuf)) | ||
763 | prefixLen = sizeof(prefixBuf) - 1; | ||
764 | if(suffixLen >= sizeof(suffixBuf)) | ||
765 | suffixLen = sizeof(suffixBuf) - 1; | ||
756 | 766 | ||
757 | /* the following code is tragically unreadable */ | 767 | /* the following code is tragically unreadable */ |
758 | 768 | ||