From 22712428b825951e8a4b38f0482a7cc397e5cd78 Mon Sep 17 00:00:00 2001
From: Mark Salyzyn <salyzyn@google.com>
Date: Tue, 13 Mar 2018 11:06:38 -0700
Subject: [PATCH] logd: identical check access message data out of range

While running AddressSanitizer, binary events were fed into logd
that were smaller than the binary event string header. Fix is to
check the buffer sizes before performing the memcmp operation.

Test: compile
Bug: 74574189
Change-Id: Ic01ef6fb0725258d9f39bbdca582ed648a1adc5d
---
 logd/LogBuffer.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/logd/LogBuffer.cpp b/logd/LogBuffer.cpp
index b8af2f09b..a78319ff4 100644
--- a/logd/LogBuffer.cpp
+++ b/logd/LogBuffer.cpp
@@ -171,7 +171,9 @@ static enum match_type identical(LogBufferElement* elem,
     }
 
     // audit message (except sequence number) identical?
-    if (last->isBinary()) {
+    if (last->isBinary() &&
+        (lenl > static_cast<ssize_t>(sizeof(android_log_event_string_t))) &&
+        (lenr > static_cast<ssize_t>(sizeof(android_log_event_string_t)))) {
         if (fastcmp<memcmp>(msgl, msgr, sizeof(android_log_event_string_t) -
                                             sizeof(int32_t))) {
             return DIFFERENT;