Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bad50ed2 authored by Steven Moreland's avatar Steven Moreland Committed by android-build-team Robot
Browse files

libutils: check vsnprintf error 

For encoding errors, this function will return a negative value which
causes problems down the line. Check for an error and return. Also,
integer overflows are guarded.

Bug: 161894517
Test: fuzzer test case
Change-Id: Ia85067d4258bde4b875c832d6223db5dd26b8838
Merged-In: Ia85067d4258bde4b875c832d6223db5dd26b8838
(cherry picked from commit ee22384c)
parent 6072de17

libutils/String8.cpp

+7 −1
Original line number Original line Diff line number Diff line
@@ -322,8 +322,14 @@ status_t String8::appendFormatV(const char* fmt, va_list args) 
    n = vsnprintf(nullptr, 0, fmt, tmp_args);

    n = vsnprintf(nullptr, 0, fmt, tmp_args);

    va_end(tmp_args);

    va_end(tmp_args);





    if (n != 0) {

    if (n < 0) return UNKNOWN_ERROR;



    if (n > 0) {

        size_t oldLength = length();

        size_t oldLength = length();

        if ((size_t)n > SIZE_MAX - 1 ||

            oldLength > SIZE_MAX - (size_t)n - 1) {

            return NO_MEMORY;

        }

        char* buf = lockBuffer(oldLength + n);

        char* buf = lockBuffer(oldLength + n);

        if (buf) {

        if (buf) {

            vsnprintf(buf + oldLength, n + 1, fmt, args);

            vsnprintf(buf + oldLength, n + 1, fmt, args);