From 83b8ac24b66ff0310500ddc906b26dab5bfeea5a Mon Sep 17 00:00:00 2001
From: Josh Gao
Date: Fri, 20 Apr 2018 17:31:53 -0700
Subject: [PATCH] libdebuggerd: fix out of bounds write.
Bug: http://b/78363964
Test: treehugger
Change-Id: I79ae818e4e0c29f064335d59789afc3b1bf87c69
---
 debuggerd/libdebuggerd/tombstone.cpp | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/debuggerd/libdebuggerd/tombstone.cpp b/debuggerd/libdebuggerd/tombstone.cpp
index 2b7529217..af8072e76 100644
--- a/debuggerd/libdebuggerd/tombstone.cpp
+++ b/debuggerd/libdebuggerd/tombstone.cpp
@@ -247,14 +247,13 @@ static void dump_abort_message(log_t* log, Memory* process_memory, uint64_t addr
 length -= sizeof(size_t);
- std::vector msg(length);
+ // The abort message should be null terminated already, but reserve a spot for NUL just in case.
+ std::vector msg(length + 1);
 if (!process_memory->ReadFully(address + sizeof(length), &msg[0], length)) {
 _LOG(log, logtype::HEADER, "Failed to read abort message: %s\n", strerror(errno));
 return;
 }
- // The abort message should be null terminated already, but just in case...
- msg[length] = '\0';
 _LOG(log, logtype::HEADER, "Abort message: '%s'\n", &msg[0]);
 }
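Review bot: `length` still sizes the allocation in `msg(length + 1)` with no upper bound visible in this hunk, and since the message body is read from the crashed process at `address + sizeof(length)`, the length header presumably comes from that same untrusted memory. A corrupted or hostile header could then make the dumper attempt a huge allocation and die before the tombstone is written, so a cap before the vector is constructed would help, e.g. `if (length > kMaxAbortMessageLength) { _LOG(log, logtype::HEADER, "Abort message too long: %zu\n", length); return; }` (constant name and value are placeholders for the maintainers to choose). The lower-bound check for `length -= sizeof(size_t)` is not in the hunk because dump_abort_message starts above it; if it is missing, the subtraction can wrap and `length + 1` can wrap to 0, which would bring the out-of-bounds write back. The new comment could also say that the terminator comes from the vector's zero-initialisation of the extra element.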