
Commit 248f34f1 authored by Ivan Lozano

Fix overflow sanitizer in copyWithAuthor.

An array index calculation in NBLog.cpp causes a runtime error on
integer overflow sanitized builds.

 buffer[sizeof(buffer) + Entry::kPreviousLengthOffset] = ...

 runtime error: unsigned integer overflow: 27 + 4294967295 cannot be
 represented in type 'unsigned int'

This changes kPreviousLengthOffset to signed, which provides the same
effect without the overflow.

Bug: 30969751
Test: Compiles, device boots.
Change-Id: I25b232bba6a1940674d15a06483b2595eecc29e8
parent 7b0e9532
+1 −1
@@ -236,7 +236,7 @@ private:
        // mEvent, mLength, mData[...], duplicate mLength
        static const size_t kOverhead = sizeof(entry) + sizeof(ending);
        // endind length of previous entry
        static const size_t kPreviousLengthOffset = - sizeof(ending) +
        static const ssize_t kPreviousLengthOffset = - sizeof(ending) +
            offsetof(ending, length);
    };
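Review bot: On the changed kPreviousLengthOffset line, only the declared type becomes ssize_t; the initializer "- sizeof(ending) + offsetof(ending, length)" is still evaluated in size_t, so the negative offset is produced by unsigned wraparound and only then converted to a signed value. Computing it from signed operands, for example static_cast<ssize_t>(offsetof(ending, length)) - static_cast<ssize_t>(sizeof(ending)), states the intent directly and keeps unsigned arithmetic out of the definition. The use site quoted in the commit message, sizeof(buffer) + Entry::kPreviousLengthOffset, also mixes size_t with the new signed constant; where the two types have the same rank, the usual arithmetic conversions turn the constant back into an unsigned value before the addition, so it would be worth confirming the fix on an integer-overflow-sanitized build in addition to the "Compiles, device boots" test. The context comment above the changed line has a typo: "endind" should read "ending".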