From ba95be58c596aa7b5034b1bce8f3fde97ae08780 Mon Sep 17 00:00:00 2001
From: "Christopher R. Palmer" <crpalmer@gmail.com>
Date: Mon, 22 Sep 2014 14:35:54 -0400
Subject: [PATCH] init: Fix memory corruption when sanitizing platform paths

This commit fixes code that incorrectly increments s when it
hits the terminator character of the string being sanitized.
This means it will randomly start trashing memory beyond the
end of the string being sanitized until it happens to hit two
NULs (\0\0) which will break it out of the loop.

(cherry picked from commit 07f3fee164bd7ba14ce9b2dd3818006f07162845)

Bug: 18885357
Change-Id: If6b01fe2b9bd5985f08f1278deb03b311d0170dc
---
 init/util.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/init/util.c b/init/util.c
index 0f69e1c5f..e1a3ee33a 100644
--- a/init/util.c
+++ b/init/util.c
@@ -329,9 +329,9 @@ void sanitize(char *s)
     if (!s)
         return;
 
-    for (; *s; s++) {
+    while (*s) {
         s += strspn(s, accept);
-        if (*s) *s = '_';
+        if (*s) *s++ = '_';
     }
 }