Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b43eb943 authored by Dan Austin's avatar Dan Austin
Browse files

Fix null pointer dereference in auditParse 

There is an issue in LogAudit::auditParse where
android::uidToName(uid) crashes with a null pointer dereference.
Include a null check on the value before passing it on.

Bug: 120043607
Test: End-to-end test with syzkaller as per instructions in bug.
Change-Id: Ic0ac5c3003fcd289ec156ce63fbd668413763429
parent 66a6d887

logd/LogAudit.cpp

+7 −2
Original line number Diff line number Diff line
@@ -165,9 +165,14 @@ void LogAudit::auditParse(const std::string& string, uid_t uid, 
        bug_num->assign("");

    }



    // Ensure the uid name is not null before passing it to the bug string.

    if (uid >= AID_APP_START && uid <= AID_APP_END) {

        char* uidname = android::uidToName(uid);

        if (uidname) {

            bug_num->append(" app=");

        bug_num->append(android::uidToName(uid));

            bug_num->append(uidname);

            free(uidname);

        }

    }

}