Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3372f2e2 authored by Johannes Carlsson's avatar Johannes Carlsson Committed by Kenneth Andersson
Browse files

Corrected buffer overflow when parsing /proc/wakelocks 

The android_os_Process_parseProcLineArray in android_util_Process.cpp
writes up to buffer[endIndex]. This sometimes caused an assert to be
triggered in NewStringUTF when the output from /proc/wakelocks was
larger than 4096 bytes. The buffer was also increased in order to be
able to parse all wakelocks completely.

Change-Id: Idf8e66d61ad979377569048f59c3eee278b146db
parent dd1880ee

core/java/com/android/internal/os/BatteryStatsImpl.java

+6 −4
Original line number Diff line number Diff line
@@ -844,7 +844,7 @@ public final class BatteryStatsImpl extends BatteryStats { 
    

    private final Map<String, KernelWakelockStats> readKernelWakelockStats() {

        

        byte[] buffer = new byte[4096];

        byte[] buffer = new byte[8192];

        int len;

        

        try {
@@ -891,9 +891,11 @@ public final class BatteryStatsImpl extends BatteryStats { 
                for (endIndex=startIndex; 

                        endIndex < len && wlBuffer[endIndex] != '\n' && wlBuffer[endIndex] != '\0'; 

                        endIndex++);

                // Don't go over the end of the buffer

                if (endIndex < len) {

                endIndex++; // endIndex is an exclusive upper bound.

                // Don't go over the end of the buffer, Process.parseProcLine might

                // write to wlBuffer[endIndex]

                if (endIndex >= (len - 1) ) {

                    return m;

                }



                String[] nameStringArray = mProcWakelocksName;