diff options
author | Jin Feng <jin88.feng@gmail.com> | 2013-06-04 17:46:24 +0800 |
---|---|---|
committer | Jin Feng <jin88.feng@gmail.com> | 2013-06-04 17:46:24 +0800 |
commit | 93ffa7579cd75d1bdb2d124aa5cc5f8b6025e3d8 (patch) | |
tree | 947b893bed823941f5a7fb5368d892d30bcef135 /recovery.cpp | |
parent | ec838b885dd8b74b8682dd2498c7da8f7afca291 (diff) | |
download | bootable_recovery-93ffa7579cd75d1bdb2d124aa5cc5f8b6025e3d8.zip bootable_recovery-93ffa7579cd75d1bdb2d124aa5cc5f8b6025e3d8.tar.gz bootable_recovery-93ffa7579cd75d1bdb2d124aa5cc5f8b6025e3d8.tar.bz2 |
Fix the potential segmentation fault
Extral newline can trigger recovery segmentation fault
Test case:
host$ adb shell 'echo -en "--update_package=ota_update.zip\n--show_text\n\n" > /cache/recovery/command'
host$ adb reboot recovery
Change-Id: If1781c1f5ad94a273f1cb122b67cedd9fb562433
Signed-off-by: Jin Feng <jin88.feng@gmail.com>
Diffstat (limited to 'recovery.cpp')
-rw-r--r-- | recovery.cpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/recovery.cpp b/recovery.cpp index 92aa503..2541e54 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -198,6 +198,7 @@ get_args(int *argc, char ***argv) { if (*argc <= 1) { FILE *fp = fopen_path(COMMAND_FILE, "r"); if (fp != NULL) { + char *token; char *argv0 = (*argv)[0]; *argv = (char **) malloc(sizeof(char *) * MAX_ARGS); (*argv)[0] = argv0; // use the same program name @@ -205,7 +206,12 @@ get_args(int *argc, char ***argv) { char buf[MAX_ARG_LENGTH]; for (*argc = 1; *argc < MAX_ARGS; ++*argc) { if (!fgets(buf, sizeof(buf), fp)) break; - (*argv)[*argc] = strdup(strtok(buf, "\r\n")); // Strip newline. + token = strtok(buf, "\r\n"); + if (token != NULL) { + (*argv)[*argc] = strdup(token); // Strip newline. + } else { + --*argc; + } } check_and_fclose(fp, COMMAND_FILE); |