wenchao-hao
/
lmkd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lmkd: Protect against buffer overflow 

We're passing a 'line' whose backing buffer is PAGE_MAX in size
into memory_stat_parse_line().  We protect overflowing the smaller
LINE_MAX 'key' buffer via some C preprocessing macros to assure
we limit the size.

Test: Local build with LMKD_LOG_STATS set for this file.
Bug: 76220622
Change-Id: I9e50d4270f7099e37a9bfc7fb9b9b95cc7adb086
This commit is contained in:
Greg Kaiser 2018-03-23 14:16:12 -07:00
parent 6afff4243c
commit 1d721caddc
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lmkd.c
View File

@ -80,6 +80,9 @@
/* Defined as ProcessList.SYSTEM_ADJ in ProcessList.java */ /* Defined as ProcessList.SYSTEM_ADJ in ProcessList.java */
#define SYSTEM_ADJ (-900) #define SYSTEM_ADJ (-900)
#define STRINGIFY(x) STRINGIFY_INTERNAL(x)
#define STRINGIFY_INTERNAL(x) #x
/* default to old in-kernel interface if no memory pressure events */ /* default to old in-kernel interface if no memory pressure events */
static int use_inkernel_interface = 1; static int use_inkernel_interface = 1;
static bool has_inkernel_module; static bool has_inkernel_module;
@ -583,10 +586,10 @@ static void ctrl_connect_handler(int data __unused, uint32_t events __unused) {
#ifdef LMKD_LOG_STATS #ifdef LMKD_LOG_STATS
static void memory_stat_parse_line(char *line, struct memory_stat *mem_st) { static void memory_stat_parse_line(char *line, struct memory_stat *mem_st) {
char key[LINE_MAX]; char key[LINE_MAX + 1];
int64_t value; int64_t value;
sscanf(line,"%s %" SCNd64 "", key, &value); sscanf(line, "%" STRINGIFY(LINE_MAX) "s %" SCNd64 "", key, &value);
if (strcmp(key, "total_") < 0) { if (strcmp(key, "total_") < 0) {
return; return;