ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

libutils: check vsnprintf error

Browse source 
For encoding errors, this function will return a negative value which
causes problems down the line. Check for an error and return. Also,
integer overflows are guarded.

Bug: 161894517
Test: fuzzer test case
Change-Id: Ia85067d4258bde4b875c832d6223db5dd26b8838
This commit is contained in:
Steven Moreland 2020-07-28 21:41:54 +00:00
parent dc08030376
commit 0f0cb957b2
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
libutils/String8.cpp
View file

@ -309,8 +309,14 @@ status_t String8::appendFormatV(const char* fmt, va_list args)
n = vsnprintf(nullptr, 0, fmt, tmp_args); n = vsnprintf(nullptr, 0, fmt, tmp_args);
va_end(tmp_args); va_end(tmp_args);
if (n != 0) { if (n < 0) return UNKNOWN_ERROR;
if (n > 0) {
size_t oldLength = length(); size_t oldLength = length();
if (n > std::numeric_limits<size_t>::max() - 1 ||
oldLength > std::numeric_limits<size_t>::max() - n - 1) {
return NO_MEMORY;
}
char* buf = lockBuffer(oldLength + n); char* buf = lockBuffer(oldLength + n);
if (buf) { if (buf) {
vsnprintf(buf + oldLength, n + 1, fmt, args); vsnprintf(buf + oldLength, n + 1, fmt, args);