summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosh Gao2018-04-20 19:31:53 -0500
committerJosh Gao2018-04-20 19:46:50 -0500
commit83b8ac24b66ff0310500ddc906b26dab5bfeea5a (patch)
tree7613a4e6a5e5c2e01d61578cd33828e4205c8d39 /debuggerd
parent5d1c14f41bac357c730aa47d705c1f1da7625280 (diff)
downloadplatform-system-core-83b8ac24b66ff0310500ddc906b26dab5bfeea5a.tar.gz
platform-system-core-83b8ac24b66ff0310500ddc906b26dab5bfeea5a.tar.xz
platform-system-core-83b8ac24b66ff0310500ddc906b26dab5bfeea5a.zip
libdebuggerd: fix out of bounds write.
Bug: http://b/78363964 Test: treehugger Change-Id: I79ae818e4e0c29f064335d59789afc3b1bf87c69
Diffstat (limited to 'debuggerd')
-rw-r--r--debuggerd/libdebuggerd/tombstone.cpp5
1 files changed, 2 insertions, 3 deletions
diff --git a/debuggerd/libdebuggerd/tombstone.cpp b/debuggerd/libdebuggerd/tombstone.cpp
index 2b7529217..af8072e76 100644
--- a/debuggerd/libdebuggerd/tombstone.cpp
+++ b/debuggerd/libdebuggerd/tombstone.cpp
@@ -247,14 +247,13 @@ static void dump_abort_message(log_t* log, Memory* process_memory, uint64_t addr
247 247
248 length -= sizeof(size_t); 248 length -= sizeof(size_t);
249 249
250 std::vector<char> msg(length); 250 // The abort message should be null terminated already, but reserve a spot for NUL just in case.
251 std::vector<char> msg(length + 1);
251 if (!process_memory->ReadFully(address + sizeof(length), &msg[0], length)) { 252 if (!process_memory->ReadFully(address + sizeof(length), &msg[0], length)) {
252 _LOG(log, logtype::HEADER, "Failed to read abort message: %s\n", strerror(errno)); 253 _LOG(log, logtype::HEADER, "Failed to read abort message: %s\n", strerror(errno));
253 return; 254 return;
254 } 255 }
255 256
256 // The abort message should be null terminated already, but just in case...
257 msg[length] = '\0';
258 _LOG(log, logtype::HEADER, "Abort message: '%s'\n", &msg[0]); 257 _LOG(log, logtype::HEADER, "Abort message: '%s'\n", &msg[0]);
259} 258}
260 259