summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFengwei Yin2014-02-26 11:17:09 -0600
committerFengwei Yin2014-02-26 11:17:09 -0600
commitfff9d11be528ad8f581cc7223b879c55009d7396 (patch)
tree9ca229a0254dcd2c76a3e4cb5721e410e5d3cb63 /libutils/String8.cpp
parentebb46d76e4bf4ee4f34b42709ea69cce07e3e322 (diff)
downloadplatform-system-core-fff9d11be528ad8f581cc7223b879c55009d7396.tar.gz
platform-system-core-fff9d11be528ad8f581cc7223b879c55009d7396.tar.xz
platform-system-core-fff9d11be528ad8f581cc7223b879c55009d7396.zip
Fix undefined args access for x86_64.
From libc manual for vsnprintf: The functions vprintf(), vfprintf(), vsprintf(), vsnprintf() are equivalent to the functions printf(), fprintf(), sprintf(), snprintf(), respectively, except that they are called with a va_list instead of a variable number of arguments. These functions do not call the va_end macro. Because they invoke the va_arg macro, the value of ap is undefined after the call. We need to allocate/end new va_list for each vsnprintf. Change-Id: I66ec058033be1cb918e7b2bc84ca546800da226b Signed-off-by: Fengwei Yin <fengwei.yin@intel.com>
Diffstat (limited to 'libutils/String8.cpp')
-rw-r--r--libutils/String8.cpp13
1 files changed, 11 insertions, 2 deletions
diff --git a/libutils/String8.cpp b/libutils/String8.cpp
index e852d77b7..8acb4d45f 100644
--- a/libutils/String8.cpp
+++ b/libutils/String8.cpp
@@ -323,8 +323,17 @@ status_t String8::appendFormat(const char* fmt, ...)
323 323
324status_t String8::appendFormatV(const char* fmt, va_list args) 324status_t String8::appendFormatV(const char* fmt, va_list args)
325{ 325{
326 int result = NO_ERROR; 326 int n, result = NO_ERROR;
327 int n = vsnprintf(NULL, 0, fmt, args); 327 va_list tmp_args;
328
329 /* args is undefined after vsnprintf.
330 * So we need a copy here to avoid the
331 * second vsnprintf access undefined args.
332 */
333 va_copy(tmp_args, args);
334 n = vsnprintf(NULL, 0, fmt, tmp_args);
335 va_end(tmp_args);
336
328 if (n != 0) { 337 if (n != 0) {
329 size_t oldLength = length(); 338 size_t oldLength = length();
330 char* buf = lockBuffer(oldLength + n); 339 char* buf = lockBuffer(oldLength + n);