author | Nick Kralevich <nnk@google.com> | 2015-02-08 07:54:16 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2015-02-08 17:46:08 -0800 |
commit | c52e45ed972c6935605d59fc428a513d9cb1ac24 (patch) | |
tree | 9bc8d30f7ee96dd1fb9a9fc6b8bf558e14e17bc4 | |
parent | d8dcd06e4703dae1927020cbcbafd85226492946 (diff) | |
download | android_hardware_ril-c52e45ed972c6935605d59fc428a513d9cb1ac24.tar.gz android_hardware_ril-c52e45ed972c6935605d59fc428a513d9cb1ac24.tar.bz2 android_hardware_ril-c52e45ed972c6935605d59fc428a513d9cb1ac24.zip |

ril.cpp: fix misuse of strncat

strncat(dest,src,size) appends size+1 bytes to the end of
dest, so sizeof(dest) must be greater than
strlen(dest) + size + 1. Passing the buffer size to strncat
instead of sizeof(dest) - strlen(dest) - 1 is a common
strncat bug. Use strlcat instead, as it has more intuitive
behavior and ensures the buffer is properly null terminated.

Addresses the following compiler warning:

  In file included from system/core/include/cutils/sockets.h:22:0,
  from hardware/ril/libril/ril.cpp:24:
  In function 'char* strncat(char*, const char*, size_t)',
  inlined from 'void android::RIL_register(const RIL_RadioFunctions*)' at hardware/ril/libril/ril.cpp:4258:62:
  bionic/libc/include/string.h:199:61: warning: call to char* __builtin___strncat_chk(char*, const char*, unsigned int, unsigned int) might overflow destination buffer
  return __builtin___strncat_chk(dest, src, n, __bos(dest));
  ^

(line numbers are from internal master and do not match AOSP)

Even with this change, this code feels weird.
MAX_DEBUG_SOCKET_NAME_LENGTH is 12, and rildebug is initialized to be
SOCKET_NAME_RIL_DEBUG ("rild-debug"), which is 11 bytes including null
terminator. The strlcat call here can append a maximum of 1 byte before
the buffer is full. I don't know if this is intended or not.

Change-Id: I49801ad1ea3aa6173bbc9fd7cf00f3d308693253

-rw-r--r-- | libril/ril.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libril/ril.cpp b/libril/ril.cpp index bfdeea5..86127c4 100644 --- a/libril/ril.cpp +++ b/libril/ril.cpp @@ -4013,7 +4013,7 @@ RIL_register (const RIL_RadioFunctions *callbacks) { char rildebug[MAX_DEBUG_SOCKET_NAME_LENGTH] = SOCKET_NAME_RIL_DEBUG; if (inst != NULL) { - strncat(rildebug, inst, MAX_DEBUG_SOCKET_NAME_LENGTH); + strlcat(rildebug, inst, MAX_DEBUG_SOCKET_NAME_LENGTH); } s_fdDebug = android_get_control_socket(rildebug); |
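
Review bot: the return value of strlcat(rildebug, inst, MAX_DEBUG_SOCKET_NAME_LENGTH) is discarded, so when inst does not fit in the space left in rildebug after SOCKET_NAME_RIL_DEBUG, the name is silently truncated and android_get_control_socket(rildebug) is then called with a socket name nobody configured. strlcat returns the length of the string it tried to build, so compare that against sizeof(rildebug) and log an error or skip the debug socket on truncation; if instance suffixes longer than one byte are expected to work, the buffer has to be larger than the 12 bytes the commit message mentions. Passing sizeof(rildebug) instead of repeating the macro would also keep the bound tied to the declaration if the array size changes later.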