gps: Fix for buffer overrun crash at copying nmea stringstaging/lineage-17.0_merge-android-10.0.0_r9

Add zero clearing of allocated nmea buffer to ensure
the nmea string is null terminated.

Change-Id: Ie6561fdfc9914278e51c81769c777c234dfe9117
CRs-Fixed: 2041933

5 files changed, 10 insertions, 10 deletions

diff --git a/msm8909/loc_api/libloc_api_50001/loc_eng.cpp b/msm8909/loc_api/libloc_api_50001/loc_eng.cpp
index 5b5a83c..720adcd 100644
--- a/msm8909/loc_api/libloc_api_50001/loc_eng.cpp
+++ b/msm8909/loc_api/libloc_api_50001/loc_eng.cpp
@@ -889,9 +889,9 @@ inline void LocEngReportStatus::log() const {
 //        case LOC_ENG_MSG_REPORT_NMEA:
 LocEngReportNmea::LocEngReportNmea(void* locEng,
                                    const char* data, int len) :
-    LocMsg(), mLocEng(locEng), mNmea(new char[len]), mLen(len)
+    LocMsg(), mLocEng(locEng), mNmea(new char[len+1]), mLen(len)
 {
-    memcpy((void*)mNmea, (void*)data, len);
+    strlcpy(mNmea, data, len+1);
     locallog();
 }
 void LocEngReportNmea::proc() const {
diff --git a/msm8960/loc_api/libloc_api_50001/loc_eng.cpp b/msm8960/loc_api/libloc_api_50001/loc_eng.cpp
index ade891e..0df1424 100644
--- a/msm8960/loc_api/libloc_api_50001/loc_eng.cpp
+++ b/msm8960/loc_api/libloc_api_50001/loc_eng.cpp
@@ -845,9 +845,9 @@ inline void LocEngReportStatus::log() const {
 //        case LOC_ENG_MSG_REPORT_NMEA:
 LocEngReportNmea::LocEngReportNmea(void* locEng,
                                    const char* data, int len) :
-    LocMsg(), mLocEng(locEng), mNmea(new char[len]), mLen(len)
+    LocMsg(), mLocEng(locEng), mNmea(new char[len+1]), mLen(len)
 {
-    memcpy((void*)mNmea, (void*)data, len);
+    strlcpy(mNmea, data, len+1);
     locallog();
 }
 void LocEngReportNmea::proc() const {
diff --git a/msm8974/loc_api/libloc_api_50001/loc_eng.cpp b/msm8974/loc_api/libloc_api_50001/loc_eng.cpp
index 3c687e8..d9ba8e7 100644
--- a/msm8974/loc_api/libloc_api_50001/loc_eng.cpp
+++ b/msm8974/loc_api/libloc_api_50001/loc_eng.cpp
@@ -912,9 +912,9 @@ inline void LocEngReportStatus::log() const {
 //        case LOC_ENG_MSG_REPORT_NMEA:
 LocEngReportNmea::LocEngReportNmea(void* locEng,
                                    const char* data, int len) :
-    LocMsg(), mLocEng(locEng), mNmea(new char[len]), mLen(len)
+    LocMsg(), mLocEng(locEng), mNmea(new char[len+1]), mLen(len)
 {
-    memcpy((void*)mNmea, (void*)data, len);
+    strlcpy(mNmea, data, len+1);
     locallog();
 }
 void LocEngReportNmea::proc() const {
diff --git a/msm8994/loc_api/libloc_api_50001/loc_eng.cpp b/msm8994/loc_api/libloc_api_50001/loc_eng.cpp
index d5f73c2..570d286 100644
--- a/msm8994/loc_api/libloc_api_50001/loc_eng.cpp
+++ b/msm8994/loc_api/libloc_api_50001/loc_eng.cpp
@@ -890,9 +890,9 @@ inline void LocEngReportStatus::log() const {
 //        case LOC_ENG_MSG_REPORT_NMEA:
 LocEngReportNmea::LocEngReportNmea(void* locEng,
                                    const char* data, int len) :
-    LocMsg(), mLocEng(locEng), mNmea(new char[len]), mLen(len)
+    LocMsg(), mLocEng(locEng), mNmea(new char[len+1]), mLen(len)
 {
-    memcpy((void*)mNmea, (void*)data, len);
+    strlcpy(mNmea, data, len+1);
     locallog();
 }
 void LocEngReportNmea::proc() const {
diff --git a/msm8996/loc_api/libloc_api_50001/loc_eng.cpp b/msm8996/loc_api/libloc_api_50001/loc_eng.cpp
index e4e2344..ee76f13 100644
--- a/msm8996/loc_api/libloc_api_50001/loc_eng.cpp
+++ b/msm8996/loc_api/libloc_api_50001/loc_eng.cpp
@@ -888,9 +888,9 @@ inline void LocEngReportStatus::log() const {
 //        case LOC_ENG_MSG_REPORT_NMEA:
 LocEngReportNmea::LocEngReportNmea(void* locEng,
                                    const char* data, int len) :
-    LocMsg(), mLocEng(locEng), mNmea(new char[len]), mLen(len)
+    LocMsg(), mLocEng(locEng), mNmea(new char[len+1]), mLen(len)
 {
-    memcpy((void*)mNmea, (void*)data, len);
+    strlcpy(mNmea, data, len+1);
     locallog();
 }
 void LocEngReportNmea::proc() const {