Loading libs/androidfw/Asset.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -69,7 +69,7 @@ String8 Asset::getAssetAllocations() res.append(cur->getAssetSource()); off64_t size = (cur->getLength()+512)/1024; char buf[64]; sprintf(buf, ": %dK\n", (int)size); snprintf(buf, sizeof(buf), ": %dK\n", (int)size); res.append(buf); } cur = cur->mNext; Loading libs/androidfw/BackupHelpers.cpp +20 −14 Original line number Diff line number Diff line Loading @@ -442,7 +442,7 @@ back_up_files(int oldSnapshotFD, BackupDataWriter* dataStream, int newSnapshotFD return 0; } static void calc_tar_checksum(char* buf) { static void calc_tar_checksum(char* buf, size_t buf_size) { // [ 148 : 8 ] checksum -- to be calculated with this field as space chars memset(buf + 148, ' ', 8); Loading @@ -453,11 +453,13 @@ static void calc_tar_checksum(char* buf) { // Now write the real checksum value: // [ 148 : 8 ] checksum: 6 octal digits [leading zeroes], NUL, SPC sprintf(buf + 148, "%06o", sum); // the trailing space is already in place snprintf(buf + 148, buf_size - 148, "%06o", sum); // the trailing space is // already in place } // Returns number of bytes written static int write_pax_header_entry(char* buf, const char* key, const char* value) { static int write_pax_header_entry(char* buf, size_t buf_size, const char* key, const char* value) { // start with the size of "1 key=value\n" int len = strlen(key) + strlen(value) + 4; if (len > 9) len++; Loading @@ -466,7 +468,7 @@ static int write_pax_header_entry(char* buf, const char* key, const char* value) // since PATH_MAX is 4096 we don't expect to have to generate any single // header entry longer than 9999 characters return sprintf(buf, "%d %s=%s\n", len, key, value); return snprintf(buf, buf_size, "%d %s=%s\n", len, key, value); } // Wire format to the backup manager service is chunked: each chunk is prefixed by Loading Loading @@ -550,8 +552,12 @@ int write_tarfile(const String8& packageName, const String8& domain, // read/write up to this much at a time. const size_t BUFSIZE = 32 * 1024; char* buf = (char *)calloc(1,BUFSIZE); char* paxHeader = buf + 512; // use a different chunk of it as separate scratch char* paxData = buf + 1024; const size_t PAXHEADER_OFFSET = 512; const size_t PAXHEADER_SIZE = 512; const size_t PAXDATA_SIZE = BUFSIZE - (PAXHEADER_SIZE + PAXHEADER_OFFSET); char* const paxHeader = buf + PAXHEADER_OFFSET; // use a different chunk of // it as separate scratch char* const paxData = paxHeader + PAXHEADER_SIZE; if (buf == NULL) { ALOGE("Out of mem allocating transfer buffer"); Loading Loading @@ -630,21 +636,21 @@ int write_tarfile(const String8& packageName, const String8& domain, // already preflighted if (needExtended) { char sizeStr[32]; // big enough for a 64-bit unsigned value in decimal char* p = paxData; // construct the pax extended header data block memset(paxData, 0, BUFSIZE - (paxData - buf)); memset(paxData, 0, PAXDATA_SIZE); // size header -- calc len in digits by actually rendering the number // to a string - brute force but simple int paxLen = 0; snprintf(sizeStr, sizeof(sizeStr), "%lld", (long long)s.st_size); p += write_pax_header_entry(p, "size", sizeStr); paxLen += write_pax_header_entry(paxData, PAXDATA_SIZE, "size", sizeStr); // fullname was generated above with the ustar paths p += write_pax_header_entry(p, "path", fullname.string()); paxLen += write_pax_header_entry(paxData + paxLen, PAXDATA_SIZE - paxLen, "path", fullname.string()); // Now we know how big the pax data is int paxLen = p - paxData; // Now build the pax *header* templated on the ustar header memcpy(paxHeader, buf, 512); Loading @@ -659,10 +665,10 @@ int write_tarfile(const String8& packageName, const String8& domain, // [ 124 : 12 ] size of pax extended header data memset(paxHeader + 124, 0, 12); snprintf(paxHeader + 124, 12, "%011o", (unsigned int)(p - paxData)); snprintf(paxHeader + 124, 12, "%011o", (unsigned int)paxLen); // Checksum and write the pax block header calc_tar_checksum(paxHeader); calc_tar_checksum(paxHeader, PAXHEADER_SIZE); send_tarfile_chunk(writer, paxHeader, 512); // Now write the pax data itself Loading @@ -671,7 +677,7 @@ int write_tarfile(const String8& packageName, const String8& domain, } // Checksum and write the 512-byte ustar file header block to the output calc_tar_checksum(buf); calc_tar_checksum(buf, BUFSIZE); send_tarfile_chunk(writer, buf, 512); // Now write the file data itself, for real files. We honor tar's convention that Loading services/core/jni/com_android_server_connectivity_Vpn.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -158,7 +158,7 @@ static int set_addresses(const char *name, const char *addresses) } if (count) { sprintf(ifr4.ifr_name, "%s:%d", name, count); snprintf(ifr4.ifr_name, sizeof(ifr4.ifr_name), "%s:%d", name, count); } if (ioctl(inet4, SIOCSIFADDR, &ifr4)) { count = (errno == EINVAL) ? BAD_ARGUMENT : SYSTEM_ERROR; Loading Loading
libs/androidfw/Asset.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -69,7 +69,7 @@ String8 Asset::getAssetAllocations() res.append(cur->getAssetSource()); off64_t size = (cur->getLength()+512)/1024; char buf[64]; sprintf(buf, ": %dK\n", (int)size); snprintf(buf, sizeof(buf), ": %dK\n", (int)size); res.append(buf); } cur = cur->mNext; Loading
libs/androidfw/BackupHelpers.cpp +20 −14 Original line number Diff line number Diff line Loading @@ -442,7 +442,7 @@ back_up_files(int oldSnapshotFD, BackupDataWriter* dataStream, int newSnapshotFD return 0; } static void calc_tar_checksum(char* buf) { static void calc_tar_checksum(char* buf, size_t buf_size) { // [ 148 : 8 ] checksum -- to be calculated with this field as space chars memset(buf + 148, ' ', 8); Loading @@ -453,11 +453,13 @@ static void calc_tar_checksum(char* buf) { // Now write the real checksum value: // [ 148 : 8 ] checksum: 6 octal digits [leading zeroes], NUL, SPC sprintf(buf + 148, "%06o", sum); // the trailing space is already in place snprintf(buf + 148, buf_size - 148, "%06o", sum); // the trailing space is // already in place } // Returns number of bytes written static int write_pax_header_entry(char* buf, const char* key, const char* value) { static int write_pax_header_entry(char* buf, size_t buf_size, const char* key, const char* value) { // start with the size of "1 key=value\n" int len = strlen(key) + strlen(value) + 4; if (len > 9) len++; Loading @@ -466,7 +468,7 @@ static int write_pax_header_entry(char* buf, const char* key, const char* value) // since PATH_MAX is 4096 we don't expect to have to generate any single // header entry longer than 9999 characters return sprintf(buf, "%d %s=%s\n", len, key, value); return snprintf(buf, buf_size, "%d %s=%s\n", len, key, value); } // Wire format to the backup manager service is chunked: each chunk is prefixed by Loading Loading @@ -550,8 +552,12 @@ int write_tarfile(const String8& packageName, const String8& domain, // read/write up to this much at a time. const size_t BUFSIZE = 32 * 1024; char* buf = (char *)calloc(1,BUFSIZE); char* paxHeader = buf + 512; // use a different chunk of it as separate scratch char* paxData = buf + 1024; const size_t PAXHEADER_OFFSET = 512; const size_t PAXHEADER_SIZE = 512; const size_t PAXDATA_SIZE = BUFSIZE - (PAXHEADER_SIZE + PAXHEADER_OFFSET); char* const paxHeader = buf + PAXHEADER_OFFSET; // use a different chunk of // it as separate scratch char* const paxData = paxHeader + PAXHEADER_SIZE; if (buf == NULL) { ALOGE("Out of mem allocating transfer buffer"); Loading Loading @@ -630,21 +636,21 @@ int write_tarfile(const String8& packageName, const String8& domain, // already preflighted if (needExtended) { char sizeStr[32]; // big enough for a 64-bit unsigned value in decimal char* p = paxData; // construct the pax extended header data block memset(paxData, 0, BUFSIZE - (paxData - buf)); memset(paxData, 0, PAXDATA_SIZE); // size header -- calc len in digits by actually rendering the number // to a string - brute force but simple int paxLen = 0; snprintf(sizeStr, sizeof(sizeStr), "%lld", (long long)s.st_size); p += write_pax_header_entry(p, "size", sizeStr); paxLen += write_pax_header_entry(paxData, PAXDATA_SIZE, "size", sizeStr); // fullname was generated above with the ustar paths p += write_pax_header_entry(p, "path", fullname.string()); paxLen += write_pax_header_entry(paxData + paxLen, PAXDATA_SIZE - paxLen, "path", fullname.string()); // Now we know how big the pax data is int paxLen = p - paxData; // Now build the pax *header* templated on the ustar header memcpy(paxHeader, buf, 512); Loading @@ -659,10 +665,10 @@ int write_tarfile(const String8& packageName, const String8& domain, // [ 124 : 12 ] size of pax extended header data memset(paxHeader + 124, 0, 12); snprintf(paxHeader + 124, 12, "%011o", (unsigned int)(p - paxData)); snprintf(paxHeader + 124, 12, "%011o", (unsigned int)paxLen); // Checksum and write the pax block header calc_tar_checksum(paxHeader); calc_tar_checksum(paxHeader, PAXHEADER_SIZE); send_tarfile_chunk(writer, paxHeader, 512); // Now write the pax data itself Loading @@ -671,7 +677,7 @@ int write_tarfile(const String8& packageName, const String8& domain, } // Checksum and write the 512-byte ustar file header block to the output calc_tar_checksum(buf); calc_tar_checksum(buf, BUFSIZE); send_tarfile_chunk(writer, buf, 512); // Now write the file data itself, for real files. We honor tar's convention that Loading
services/core/jni/com_android_server_connectivity_Vpn.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -158,7 +158,7 @@ static int set_addresses(const char *name, const char *addresses) } if (count) { sprintf(ifr4.ifr_name, "%s:%d", name, count); snprintf(ifr4.ifr_name, sizeof(ifr4.ifr_name), "%s:%d", name, count); } if (ioctl(inet4, SIOCSIFADDR, &ifr4)) { count = (errno == EINVAL) ? BAD_ARGUMENT : SYSTEM_ERROR; Loading
