From 3372f2e259247810627fd22033406163284f4f64 Mon Sep 17 00:00:00 2001 From: Johannes Carlsson Date: Wed, 30 Jun 2010 08:45:55 +0200 Subject: Corrected buffer overflow when parsing /proc/wakelocks The android_os_Process_parseProcLineArray in android_util_Process.cpp writes up to buffer[endIndex]. This sometimes caused an assert to be triggered in NewStringUTF when the output from /proc/wakelocks was larger than 4096 bytes. The buffer was also increased in order to be able to parse all wakelocks completely. Change-Id: Idf8e66d61ad979377569048f59c3eee278b146db --- core/java/com/android/internal/os/BatteryStatsImpl.java | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/core/java/com/android/internal/os/BatteryStatsImpl.java b/core/java/com/android/internal/os/BatteryStatsImpl.java index aadb576..167e45d 100644 --- a/core/java/com/android/internal/os/BatteryStatsImpl.java +++ b/core/java/com/android/internal/os/BatteryStatsImpl.java @@ -844,7 +844,7 @@ public final class BatteryStatsImpl extends BatteryStats { private final Map readKernelWakelockStats() { - byte[] buffer = new byte[4096]; + byte[] buffer = new byte[8192]; int len; try { @@ -891,9 +891,11 @@ public final class BatteryStatsImpl extends BatteryStats { for (endIndex=startIndex; endIndex < len && wlBuffer[endIndex] != '\n' && wlBuffer[endIndex] != '\0'; endIndex++); - // Don't go over the end of the buffer - if (endIndex < len) { - endIndex++; // endIndex is an exclusive upper bound. + endIndex++; // endIndex is an exclusive upper bound. + // Don't go over the end of the buffer, Process.parseProcLine might + // write to wlBuffer[endIndex] + if (endIndex >= (len - 1) ) { + return m; } String[] nameStringArray = mProcWakelocksName; -- cgit v1.1