logger: validate hdr_size field in logger entry
- check hdr_size to make sure it is in the expected range
from sizeof entry_v1 to entry (entry_v4).
- alter msg() method to report NULL on invalid hdr_size
- alter all users of msg() method.
Bug: 30947841
Change-Id: I9bc1740d7aa9f37df5be966c18de1fb9de63d5dd
diff --git a/liblog/tests/liblog_benchmark.cpp b/liblog/tests/liblog_benchmark.cpp
index 1b66a56..f4e3089 100644
--- a/liblog/tests/liblog_benchmark.cpp
+++ b/liblog/tests/liblog_benchmark.cpp
@@ -542,7 +542,7 @@
char* eventData = log_msg.msg();
- if (eventData[4] != EVENT_TYPE_LONG) {
+ if (!eventData || (eventData[4] != EVENT_TYPE_LONG)) {
continue;
}
log_time tx(eventData + 4 + 1);
@@ -622,7 +622,7 @@
char* eventData = log_msg.msg();
- if (eventData[4] != EVENT_TYPE_LONG) {
+ if (!eventData || (eventData[4] != EVENT_TYPE_LONG)) {
continue;
}
log_time tx(eventData + 4 + 1);
diff --git a/liblog/tests/liblog_test.cpp b/liblog/tests/liblog_test.cpp
index df2c766..8f6f07a 100644
--- a/liblog/tests/liblog_test.cpp
+++ b/liblog/tests/liblog_test.cpp
@@ -154,7 +154,7 @@
char *eventData = log_msg.msg();
- if (eventData[4] != EVENT_TYPE_LONG) {
+ if (!eventData || (eventData[4] != EVENT_TYPE_LONG)) {
continue;
}
@@ -227,7 +227,7 @@
char *eventData = log_msg.msg();
- if (eventData[4] != EVENT_TYPE_STRING) {
+ if (!eventData || (eventData[4] != EVENT_TYPE_STRING)) {
continue;
}
@@ -506,7 +506,7 @@
char *eventData = log_msg.msg();
- if (eventData[4] != EVENT_TYPE_LONG) {
+ if (!eventData || (eventData[4] != EVENT_TYPE_LONG)) {
continue;
}
@@ -637,7 +637,7 @@
char *eventData = log_msg.msg();
- if (eventData[4] != EVENT_TYPE_LONG) {
+ if (!eventData || (eventData[4] != EVENT_TYPE_LONG)) {
continue;
}
@@ -788,7 +788,7 @@
char *eventData = log_msg.msg();
- if (eventData[4] != EVENT_TYPE_LONG) {
+ if (!eventData || (eventData[4] != EVENT_TYPE_LONG)) {
continue;
}
@@ -990,9 +990,9 @@
continue;
}
- char *data = log_msg.msg() + 1;
+ char *data = log_msg.msg();
- if (strcmp(data, tag)) {
+ if (!data || strcmp(++data, tag)) {
continue;
}
@@ -1107,9 +1107,9 @@
continue;
}
- char *data = log_msg.msg() + 1;
+ char *data = log_msg.msg();
- if (strcmp(data, tag)) {
+ if (!data || strcmp(++data, tag)) {
continue;
}
@@ -1606,6 +1606,9 @@
}
char *eventData = log_msg.msg();
+ if (!eventData) {
+ continue;
+ }
// Tag
int tag = get4LE(eventData);
@@ -1687,6 +1690,10 @@
}
char *eventData = log_msg.msg();
+ if (!eventData) {
+ continue;
+ }
+
char *original = eventData;
// Tag
@@ -1774,6 +1781,9 @@
}
char *eventData = log_msg.msg();
+ if (!eventData) {
+ continue;
+ }
// Tag
int tag = get4LE(eventData);
@@ -1817,6 +1827,9 @@
}
char *eventData = log_msg.msg();
+ if (!eventData) {
+ continue;
+ }
// Tag
int tag = get4LE(eventData);
@@ -1904,6 +1917,9 @@
}
char *eventData = log_msg.msg();
+ if (!eventData) {
+ continue;
+ }
// Tag
int tag = get4LE(eventData);
@@ -1961,6 +1977,9 @@
}
char *eventData = log_msg.msg();
+ if (!eventData) {
+ continue;
+ }
// Tag
int tag = get4LE(eventData);
@@ -2449,16 +2468,19 @@
android_log_format_free(logformat);
// test buffer reading API
- snprintf(msgBuf, sizeof(msgBuf), "I/[%d]", get4LE(eventData));
- print_barrier();
- fprintf(stderr, "%-10s(%5u): ", msgBuf, pid);
- memset(msgBuf, 0, sizeof(msgBuf));
- int buffer_to_string = android_log_buffer_to_string(
- eventData + sizeof(uint32_t),
- log_msg.entry.len - sizeof(uint32_t),
- msgBuf, sizeof(msgBuf));
- fprintf(stderr, "%s\n", msgBuf);
- print_barrier();
+ int buffer_to_string = -1;
+ if (eventData) {
+ snprintf(msgBuf, sizeof(msgBuf), "I/[%d]", get4LE(eventData));
+ print_barrier();
+ fprintf(stderr, "%-10s(%5u): ", msgBuf, pid);
+ memset(msgBuf, 0, sizeof(msgBuf));
+ buffer_to_string = android_log_buffer_to_string(
+ eventData + sizeof(uint32_t),
+ log_msg.entry.len - sizeof(uint32_t),
+ msgBuf, sizeof(msgBuf));
+ fprintf(stderr, "%s\n", msgBuf);
+ print_barrier();
+ }
EXPECT_EQ(0, buffer_to_string);
EXPECT_EQ(strlen(expected_string), strlen(msgBuf));
EXPECT_EQ(0, strcmp(expected_string, msgBuf));