logd: identical check access message data out of range

While running AddressSanitizer, binary events were fed into logd that were smaller than the binary event string header. Fix is to check the buffer sizes before performing the memcmp operation. Test: compile Bug: 74574189 Change-Id: Ic01ef6fb0725258d9f39bbdca582ed648a1adc5d
2018-03-13 11:06:38 -07:00 · 2018-03-13 11:06:38 -07:00 · 22712428b8
commit 22712428b8
parent ff9b1db67c
1 changed files with 3 additions and 1 deletions
--- a/logd/LogBuffer.cpp
+++ b/logd/LogBuffer.cpp
@ -171,7 +171,9 @@ static enum match_type identical(LogBufferElement* elem,
    }

    // audit message (except sequence number) identical?
-    if (last->isBinary()) {
+    if (last->isBinary() &&
+        (lenl > static_cast<ssize_t>(sizeof(android_log_event_string_t))) &&
+        (lenr > static_cast<ssize_t>(sizeof(android_log_event_string_t)))) {
        if (fastcmp<memcmp>(msgl, msgr, sizeof(android_log_event_string_t) -
                                            sizeof(int32_t))) {
            return DIFFERENT;