Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bad50ed2 authored by Steven Moreland's avatar Steven Moreland Committed by android-build-team Robot
Browse files

libutils: check vsnprintf error

For encoding errors, this function will return a negative value which
causes problems down the line. Check for an error and return. Also,
integer overflows are guarded.

Bug: 161894517
Test: fuzzer test case
Change-Id: Ia85067d4258bde4b875c832d6223db5dd26b8838
Merged-In: Ia85067d4258bde4b875c832d6223db5dd26b8838
(cherry picked from commit ee22384c)
parent 6072de17
Loading
Loading
Loading
Loading
+7 −1
Original line number Original line Diff line number Diff line
@@ -322,8 +322,14 @@ status_t String8::appendFormatV(const char* fmt, va_list args)
    n = vsnprintf(nullptr, 0, fmt, tmp_args);
    n = vsnprintf(nullptr, 0, fmt, tmp_args);
    va_end(tmp_args);
    va_end(tmp_args);


    if (n != 0) {
    if (n < 0) return UNKNOWN_ERROR;

    if (n > 0) {
        size_t oldLength = length();
        size_t oldLength = length();
        if ((size_t)n > SIZE_MAX - 1 ||
            oldLength > SIZE_MAX - (size_t)n - 1) {
            return NO_MEMORY;
        }
        char* buf = lockBuffer(oldLength + n);
        char* buf = lockBuffer(oldLength + n);
        if (buf) {
        if (buf) {
            vsnprintf(buf + oldLength, n + 1, fmt, args);
            vsnprintf(buf + oldLength, n + 1, fmt, args);