Fix fastboot memory corruption. (aaa3b6bb) · Commits · e / os / android_system_core

fastboot/bootimg_utils.cpp

+5 −3

Original line number	Diff line number	Diff line
		@@ -28,13 +28,15 @@

		#include "bootimg_utils.h"

		#include "fastboot.h"

		#include <stdio.h>
		#include <stdlib.h>
		#include <string.h>

		void bootimg_set_cmdline(boot_img_hdr* h, const char* cmdline)
		{
		strcpy((char*) h->cmdline, cmdline);
		void bootimg_set_cmdline(boot_img_hdr* h, const char* cmdline) {
		if (strlen(cmdline) >= sizeof(h->cmdline)) die("command line too large: %zu", strlen(cmdline));
		strcpy(reinterpret_cast<char*>(h->cmdline), cmdline);
		}

		boot_img_hdr* mkbootimg(void* kernel, int64_t kernel_size, off_t kernel_offset,

+4 −1

Original line number	Diff line number	Diff line
		@@ -447,8 +447,11 @@ static void* load_bootable_image(const std::string& kernel, const std::string& r
		if (kdata == nullptr) die("cannot load '%s': %s", kernel.c_str(), strerror(errno));

		// Is this actually a boot image?
		if (ksize < static_cast<int64_t>(sizeof(boot_img_hdr))) {
		die("cannot load '%s': too short", kernel.c_str());
		}
		if (!memcmp(kdata, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {
		if (cmdline) bootimg_set_cmdline((boot_img_hdr*) kdata, cmdline);
		if (cmdline) bootimg_set_cmdline(reinterpret_cast<boot_img_hdr*>(kdata), cmdline);

		if (!ramdisk.empty()) die("cannot boot a boot.img and ramdisk");