Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b303f2e4 authored by Ivan Lozano's avatar Ivan Lozano
Browse files

Fix overflow sanitizer in copyWithAuthor. 

The array index calculation in NBLog.cpp causes a runtime error on
integer overflow sanitized builds.

 runtime error: unsigned integer overflow: 27 + 4294967295 cannot be
 represented in type 'unsigned int'

This restructures the buffer index to avoid the overflow all together.

Bug: 30969751
Test: Compiles, device boots.
Change-Id: I9abb858190ecdeeaede66cf502ceb586467d5c0c
Merged-In: I9abb858190ecdeeaede66cf502ceb586467d5c0c
(cherry picked from commit 9ef855d0)
parent 46d5355a

media/libnbaio/NBLog.cpp

+2 −1
Original line number Diff line number Diff line
@@ -331,7 +331,8 @@ NBLog::EntryIterator NBLog::HistogramEntry::copyWithAuthor( 
    *(int*) (buffer + sizeof(entry) + sizeof(HistTsEntry)) = author;

    // Update lengths

    buffer[offsetof(entry, length)] = sizeof(HistTsEntryWithAuthor);

    buffer[sizeof(buffer) + Entry::kPreviousLengthOffset] = sizeof(HistTsEntryWithAuthor);

    buffer[offsetof(entry, data) + sizeof(HistTsEntryWithAuthor) + offsetof(ending, length)]

        = sizeof(HistTsEntryWithAuthor);

    // Write new buffer into FIFO

    dst->write(buffer, sizeof(buffer));

    return EntryIterator(mEntry).next();