diff options
| author | Josh Gao <jmgao@google.com> | 2018-04-20 17:31:53 -0700 |
|---|---|---|
| committer | Josh Gao <jmgao@google.com> | 2018-04-20 17:46:50 -0700 |
| commit | 83b8ac24b66ff0310500ddc906b26dab5bfeea5a (patch) | |
| tree | 7613a4e6a5e5c2e01d61578cd33828e4205c8d39 /debuggerd/libdebuggerd/tombstone.cpp | |
| parent | 5d1c14f41bac357c730aa47d705c1f1da7625280 (diff) | |
| download | system_core-83b8ac24b66ff0310500ddc906b26dab5bfeea5a.tar.gz system_core-83b8ac24b66ff0310500ddc906b26dab5bfeea5a.tar.bz2 system_core-83b8ac24b66ff0310500ddc906b26dab5bfeea5a.zip | |
libdebuggerd: fix out of bounds write.
Bug: http://b/78363964
Test: treehugger
Change-Id: I79ae818e4e0c29f064335d59789afc3b1bf87c69
Diffstat (limited to 'debuggerd/libdebuggerd/tombstone.cpp')
| -rw-r--r-- | debuggerd/libdebuggerd/tombstone.cpp | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/debuggerd/libdebuggerd/tombstone.cpp b/debuggerd/libdebuggerd/tombstone.cpp index 2b7529217..af8072e76 100644 --- a/debuggerd/libdebuggerd/tombstone.cpp +++ b/debuggerd/libdebuggerd/tombstone.cpp @@ -247,14 +247,13 @@ static void dump_abort_message(log_t* log, Memory* process_memory, uint64_t addr length -= sizeof(size_t); - std::vector<char> msg(length); + // The abort message should be null terminated already, but reserve a spot for NUL just in case. + std::vector<char> msg(length + 1); if (!process_memory->ReadFully(address + sizeof(length), &msg[0], length)) { _LOG(log, logtype::HEADER, "Failed to read abort message: %s\n", strerror(errno)); return; } - // The abort message should be null terminated already, but just in case... - msg[length] = '\0'; _LOG(log, logtype::HEADER, "Abort message: '%s'\n", &msg[0]); } |