| author | Andy McFadden <fadden@android.com> | 2010-03-02 11:14:39 -0800 |
|---|---|---|
| committer | Android Code Review <code-review@android.com> | 2010-03-02 11:14:39 -0800 |
| commit | fd7ebb367330ea3b999ca9c2a48431c437c05f67 (patch) | |
| tree | 89f17ac4d6821cf549df1cb840bcbda864b09d16 | |
| parent | d6391c6aaaa40c20761b7a2a8d4be115163e4194 (diff) | |
| parent | b45b5c9f227473050ef785d11e518e947c8754fb (diff) | |
Merge "Fix Heap Corruption from too long of a TAG"
| -rw-r--r-- | liblog/logprint.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/liblog/logprint.c b/liblog/logprint.c index 080f9e36..acfa9f4c 100644 --- a/liblog/logprint.c +++ b/liblog/logprint.c @@ -753,6 +753,16 @@ char *android_log_formatLogLine ( suffixLen = 1; break; } + /* snprintf has a weird return value. It returns what would have been + * written given a large enough buffer. In the case that the prefix is + * longer then our buffer(128), it messes up the calculations below + * possibly causing heap corruption. To avoid this we double check and + * set the length at the maximum (size minus null byte) + */ + if(prefixLen >= sizeof(prefixBuf)) + prefixLen = sizeof(prefixBuf) - 1; + if(suffixLen >= sizeof(suffixBuf)) + suffixLen = sizeof(suffixBuf) - 1; /* the following code is tragically unreadable */ |
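Review bot: The two added checks ahead of "the following code is tragically unreadable" only bound the lengths from above, so snprintf's error return (a negative value) is not handled on purpose. If prefixLen is a signed int, comparing it with sizeof(prefixBuf) converts it to unsigned, and a negative value ends up clamped to sizeof(prefixBuf) - 1 instead of 0, which would make the later copy read bytes that were never written. An explicit `if (prefixLen < 0) prefixLen = 0;` before the clamp would make the intent clear. The comment should also be tightened: it hardcodes "buffer(128)" where the code uses sizeof(prefixBuf), "longer then" should be "longer than", and it explains only the prefix case, while the visible context sets suffixLen to a constant (`suffixLen = 1;`), so a word on why the suffix clamp is needed would help. It is also worth stating in the comment that an over-long tag is now silently truncated in the output. Style: `if(` is missing a space, and braces around the single-statement bodies would help in a function that is already hard to read.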
