Commit 60515bf9 authored by Josh Gao

debuggerd_handler: don't use snprintf in handler.

snprintf isn't safe to call in the linker after initialization, because
it uses MB_CUR_MAX which is implemented via pthread_getspecific, which
uses TLS slots shared with libc. If the TLS slots are assigned in a
different order between libc.so and the linker, MB_CUR_MAX will
evaluate to an incorrect value, and lead to snprintf doing bad things.

Switch to __libc_format_buffer.

Bug: http://b/35367169
Test: debuggerd -b `pidof zygote`
Change-Id: I9d315cf63e5f3fd2f4545d6e3f707cdbe94ec606
parent af776fd5
+4 −3
@@ -81,7 +81,7 @@ static void __noreturn __printflike(1, 2) fatal_errno(const char* fmt, ...) {
  va_start(args, fmt);

  char buf[4096];
  vsnprintf(buf, sizeof(buf), fmt, args);
  __libc_format_buffer_va_list(buf, sizeof(buf), fmt, args);
  fatal("%s: %s", buf, strerror(err));
}

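Review bot: on the unchanged line after the replaced call, `fatal("%s: %s", buf, strerror(err))` still goes through strerror, which is a libc function. Since the reason for dropping vsnprintf is that libc state reached through TLS cannot be trusted in this handler, it is worth confirming that strerror does not depend on the same TLS slots (for example when err is not a known errno value), or formatting the errno number directly instead. A short comment above the `__libc_format_buffer_va_list` call stating why vsnprintf must not be used here would also keep a later cleanup from reverting it.
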
@@ -256,8 +256,9 @@ static int debuggerd_dispatch_pseudothread(void* arg) {

    char main_tid[10];
    char pseudothread_tid[10];
    snprintf(main_tid, sizeof(main_tid), "%d", thread_info->crashing_tid);
    snprintf(pseudothread_tid, sizeof(pseudothread_tid), "%d", thread_info->pseudothread_tid);
    __libc_format_buffer(main_tid, sizeof(main_tid), "%d", thread_info->crashing_tid);
    __libc_format_buffer(pseudothread_tid, sizeof(pseudothread_tid), "%d", thread_info->pseudothread_tid);

    execl(CRASH_DUMP_PATH, CRASH_DUMP_NAME, main_tid, pseudothread_tid, nullptr);

    fatal_errno("exec failed");
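
Review bot: `main_tid` and `pseudothread_tid` are 10 bytes each, which holds at most nine digits plus the terminator, while `%d` on an int can produce up to 11 characters. The result of `__libc_format_buffer` is not checked in either call, so a truncated value would be passed to `execl` as a valid-looking tid. Consider sizing both buffers at 12 bytes, or checking the formatted length and going through `fatal` when it does not fit.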