diff options
author | Ajay Nambi <anambi@codeaurora.org> | 2015-08-05 14:53:50 +0530 |
---|---|---|
committer | Christopher N. Hesse <raymanfx@gmail.com> | 2016-09-11 01:59:53 +0200 |
commit | 323c882404bf5f979bc49a8a49ea202c7d40cbcc (patch) | |
tree | 2526b736bfe92e68f4a5a3a9efb502a7d94a1fb6 | |
parent | 022eadd45887b41cd87a6e9482f83c08c1abd081 (diff) | |
download | android_hardware_samsung-323c882404bf5f979bc49a8a49ea202c7d40cbcc.tar.gz android_hardware_samsung-323c882404bf5f979bc49a8a49ea202c7d40cbcc.tar.bz2 android_hardware_samsung-323c882404bf5f979bc49a8a49ea202c7d40cbcc.zip |
Fix for rild crash becasue of buffer overflow
There is a buffer overflow which causing rild crash. For
appendPrintBuf, "sprintf" is replaced with "snprintf" for
the safe copy operation.
Bug:23289936
Change-Id: I25430a5c6f2a8b19a3271235323499b6ee802746
-rw-r--r-- | ril/libril/ril.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ril/libril/ril.cpp b/ril/libril/ril.cpp index c3f50ba..716f37d 100644 --- a/ril/libril/ril.cpp +++ b/ril/libril/ril.cpp @@ -110,7 +110,7 @@ namespace android { #define clearPrintBuf printBuf[0] = 0 #define removeLastChar printBuf[strlen(printBuf)-1] = 0 - #define appendPrintBuf(x...) sprintf(printBuf, x) + #define appendPrintBuf(x...) snprintf(printBuf, PRINTBUF_SIZE, x) #else #define startRequest #define closeRequest |