author | Jin Feng <jin88.feng@gmail.com> | 2013-06-04 17:46:24 +0800 |
---|---|---|
committer | Tanguy Pruvot <tanguy.pruvot@gmail.com> | 2013-06-08 15:40:30 +0200 |
commit | 71d76c24dcdbdfaf4508c9121c794e4a324177cd (patch) | |
tree | edfd9368f33fb691639036497c9e18fcd45f8c76 | |
parent | e672fdfefb0f2febfb0312257dd2fe2b09e2d81c (diff) | |
Fix the potential segmentation fault
Extra newline can trigger a recovery segmentation fault
Test case:
host$ adb shell 'echo -en "--update_package=ota_update.zip\n--show_text\n\n" > /cache/recovery/command'
host$ adb reboot recovery
Change-Id: If1781c1f5ad94a273f1cb122b67cedd9fb562433
Signed-off-by: Jin Feng <jin88.feng@gmail.com>
-rw-r--r-- | recovery.c | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -203,6 +203,7 @@ get_args(int *argc, char ***argv) {
 if (*argc <= 1) {
 FILE *fp = fopen_path(COMMAND_FILE, "r");
 if (fp != NULL) {
+ char *token;
 char *argv0 = (*argv)[0];
 *argv = (char **) malloc(sizeof(char *) * MAX_ARGS);
 (*argv)[0] = argv0; // use the same program name
@@ -210,7 +211,12 @@ get_args(int *argc, char ***argv) {
 char buf[MAX_ARG_LENGTH];
 for (*argc = 1; *argc < MAX_ARGS; ++*argc) {
 if (!fgets(buf, sizeof(buf), fp)) break;
- (*argv)[*argc] = strdup(strtok(buf, "\r\n")); // Strip newline.
+ token = strtok(buf, "\r\n");
+ if (token != NULL) {
+ (*argv)[*argc] = strdup(token); // Strip newline.
+ } else {
+ --*argc;
+ }
 }
 check_and_fclose(fp, COMMAND_FILE); |
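Review bot: In the second hunk the result of `strdup(token)` is stored in `(*argv)[*argc]` without a NULL check, so an allocation failure still leaves a NULL entry that is counted in `*argc`. That is the same kind of NULL argument this commit removes for empty lines, and the command file is input that recovery parses at boot. Storing only a successful copy closes it: `char *arg = strdup(token); if (arg == NULL) break; (*argv)[*argc] = arg;`. Two smaller points: undoing the loop's `++*argc` with `--*argc` in the body is easy to misread, so a comment such as `// empty line: reuse this slot` would help, and the `// Strip newline.` comment now belongs on the `strtok` line rather than the `strdup` line. The body of get_args starts and ends outside both hunks, so whether the `malloc` result in the first hunk's context is checked elsewhere cannot be seen from here.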