diff options
| author | Greg Kaiser <gkaiser@google.com> | 2018-03-23 14:16:12 -0700 |
|---|---|---|
| committer | Suren Baghdasaryan <surenb@google.com> | 2018-08-07 15:42:19 -0700 |
| commit | f0da9b0cc2875dde93d58c28f9c9b0901dc6897d (patch) | |
| tree | 56cd275655f5c2d8853cb607dde0715293ce6929 /lmkd/lmkd.c | |
| parent | 7d4e7d3156997da003b3e60e5b9fe024ae244940 (diff) | |
| download | system_core-f0da9b0cc2875dde93d58c28f9c9b0901dc6897d.tar.gz system_core-f0da9b0cc2875dde93d58c28f9c9b0901dc6897d.tar.bz2 system_core-f0da9b0cc2875dde93d58c28f9c9b0901dc6897d.zip | |
lmkd: Protect against buffer overflow
We're passing a 'line' whose backing buffer is PAGE_MAX in size
into memory_stat_parse_line(). We protect overflowing the smaller
LINE_MAX 'key' buffer via some C preprocessing macros to assure
we limit the size.
Test: Local build with LMKD_LOG_STATS set for this file.
Bug: 76220622
Change-Id: I9e50d4270f7099e37a9bfc7fb9b9b95cc7adb086
Diffstat (limited to 'lmkd/lmkd.c')
| -rw-r--r-- | lmkd/lmkd.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lmkd/lmkd.c b/lmkd/lmkd.c index 8fda5636f..a14d0e582 100644 --- a/lmkd/lmkd.c +++ b/lmkd/lmkd.c @@ -82,6 +82,9 @@ /* Defined as ProcessList.SYSTEM_ADJ in ProcessList.java */ #define SYSTEM_ADJ (-900) +#define STRINGIFY(x) STRINGIFY_INTERNAL(x) +#define STRINGIFY_INTERNAL(x) #x + /* default to old in-kernel interface if no memory pressure events */ static bool use_inkernel_interface = true; static bool has_inkernel_module; @@ -730,10 +733,10 @@ static void ctrl_connect_handler(int data __unused, uint32_t events __unused) { #ifdef LMKD_LOG_STATS static void memory_stat_parse_line(char *line, struct memory_stat *mem_st) { - char key[LINE_MAX]; + char key[LINE_MAX + 1]; int64_t value; - sscanf(line,"%s %" SCNd64 "", key, &value); + sscanf(line, "%" STRINGIFY(LINE_MAX) "s %" SCNd64 "", key, &value); if (strcmp(key, "total_") < 0) { return; |