display: Remove klockwork warnings and errors.
Remove all klockwork warnings and errors for libgralloc,
libhwcomposer, liboverlay, libqdutils, libqservice, libvirtual,
libexternal libraries to avoid buffer overflow and memory leaks.
Change-Id: I078143bcbcf5e4b342156bd8305a644566f7cc4b
diff --git a/libexternal/external.cpp b/libexternal/external.cpp
index e6395fb..1268b0f 100644
--- a/libexternal/external.cpp
+++ b/libexternal/external.cpp
@@ -175,6 +175,7 @@
int len = -1;
char scanInfo[17];
char *ce_info_str = NULL;
+ char *save_ptr;
const char token[] = ", \n";
int ce_info = -1;
char sysFsScanInfoFilePath[MAX_SYSFS_FILE_PATH];
@@ -210,13 +211,13 @@
*/
/* PT */
- ce_info_str = strtok(scanInfo, token);
+ ce_info_str = strtok_r(scanInfo, token, &save_ptr);
if (ce_info_str) {
/* IT */
- ce_info_str = strtok(NULL, token);
+ ce_info_str = strtok_r(NULL, token, &save_ptr);
if (ce_info_str) {
/* CE */
- ce_info_str = strtok(NULL, token);
+ ce_info_str = strtok_r(NULL, token, &save_ptr);
if (ce_info_str)
ce_info = atoi(ce_info_str);
}
diff --git a/libgralloc/alloc_controller.cpp b/libgralloc/alloc_controller.cpp
index 42f3c77..723267b 100644
--- a/libgralloc/alloc_controller.cpp
+++ b/libgralloc/alloc_controller.cpp
@@ -566,9 +566,7 @@
tileEnabled,
alignedw,
alignedh);
-
- if(size)
- size = getSize(format, width, height, alignedw, alignedh);
+ size = getSize(format, width, height, alignedw, alignedh);
}
diff --git a/libgralloc/framebuffer.cpp b/libgralloc/framebuffer.cpp
index 3109303..a7a58dc 100644
--- a/libgralloc/framebuffer.cpp
+++ b/libgralloc/framebuffer.cpp
@@ -134,12 +134,16 @@
memset(&module->commit, 0, sizeof(struct mdp_display_commit));
struct fb_fix_screeninfo finfo;
- if (ioctl(fd, FBIOGET_FSCREENINFO, &finfo) == -1)
+ if (ioctl(fd, FBIOGET_FSCREENINFO, &finfo) == -1) {
+ close(fd);
return -errno;
+ }
struct fb_var_screeninfo info;
- if (ioctl(fd, FBIOGET_VSCREENINFO, &info) == -1)
+ if (ioctl(fd, FBIOGET_VSCREENINFO, &info) == -1) {
+ close(fd);
return -errno;
+ }
info.reserved[0] = 0;
info.reserved[1] = 0;
@@ -232,8 +236,10 @@
info.yres_virtual, info.yres*2);
}
- if (ioctl(fd, FBIOGET_VSCREENINFO, &info) == -1)
+ if (ioctl(fd, FBIOGET_VSCREENINFO, &info) == -1) {
+ close(fd);
return -errno;
+ }
if (int(info.width) <= 0 || int(info.height) <= 0) {
// the driver doesn't return that information
@@ -250,6 +256,7 @@
metadata.op = metadata_op_frame_rate;
if (ioctl(fd, MSMFB_METADATA_GET, &metadata) == -1) {
ALOGE("Error retrieving panel frame rate");
+ close(fd);
return -errno;
}
float fps = metadata.data.panel_frame_rate;
@@ -289,11 +296,15 @@
);
- if (ioctl(fd, FBIOGET_FSCREENINFO, &finfo) == -1)
+ if (ioctl(fd, FBIOGET_FSCREENINFO, &finfo) == -1) {
+ close(fd);
return -errno;
+ }
- if (finfo.smem_len <= 0)
+ if (finfo.smem_len <= 0) {
+ close(fd);
return -errno;
+ }
module->flags = flags;
module->info = info;
@@ -322,6 +333,7 @@
void* vaddr = mmap(0, fbSize, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
if (vaddr == MAP_FAILED) {
ALOGE("Error mapping the framebuffer (%s)", strerror(errno));
+ close(fd);
return -errno;
}
module->framebuffer->base = intptr_t(vaddr);
@@ -373,6 +385,10 @@
/* initialize our state here */
fb_context_t *dev = (fb_context_t*)malloc(sizeof(*dev));
+ if(dev == NULL) {
+ gralloc_close(gralloc_device);
+ return status;
+ }
memset(dev, 0, sizeof(*dev));
/* initialize the procs */
diff --git a/libhwcomposer/hwc.cpp b/libhwcomposer/hwc.cpp
index f157f6b..e27368d 100644
--- a/libhwcomposer/hwc.cpp
+++ b/libhwcomposer/hwc.cpp
@@ -764,6 +764,8 @@
if (!strcmp(name, HWC_HARDWARE_COMPOSER)) {
struct hwc_context_t *dev;
dev = (hwc_context_t*)malloc(sizeof(*dev));
+ if(dev == NULL)
+ return status;
memset(dev, 0, sizeof(*dev));
//Initialize hwc context
diff --git a/libhwcomposer/hwc_copybit.cpp b/libhwcomposer/hwc_copybit.cpp
index 8c83469..d47853a 100644
--- a/libhwcomposer/hwc_copybit.cpp
+++ b/libhwcomposer/hwc_copybit.cpp
@@ -517,7 +517,7 @@
src.format != HAL_PIXEL_FORMAT_RGBA_8888) {
format = HAL_PIXEL_FORMAT_RGBX_8888;
}
- if (0 == alloc_buffer(&tmpHnd, tmp_w, tmp_h, format, usage)){
+ if (0 == alloc_buffer(&tmpHnd, tmp_w, tmp_h, format, usage) && tmpHnd) {
copybit_image_t tmp_dst;
copybit_rect_t tmp_rect;
tmp_dst.w = tmp_w;
diff --git a/libhwcomposer/hwc_dump_layers.cpp b/libhwcomposer/hwc_dump_layers.cpp
index 6df8ce3..bebcc18 100644
--- a/libhwcomposer/hwc_dump_layers.cpp
+++ b/libhwcomposer/hwc_dump_layers.cpp
@@ -61,11 +61,12 @@
mDpy(dpy) {
char dumpPropStr[PROPERTY_VALUE_MAX];
if(mDpy) {
- strncpy(mDisplayName, "external", strlen("external"));
+ strlcpy(mDisplayName, "external", sizeof(mDisplayName));
} else {
- strncpy(mDisplayName, "primary", strlen("primary"));
+ strlcpy(mDisplayName, "primary", sizeof(mDisplayName));
}
- sprintf(mDumpPropKeyDisplayType, "debug.sf.dump.%s", (char *)mDisplayName);
+ snprintf(mDumpPropKeyDisplayType, sizeof(mDumpPropKeyDisplayType),
+ "debug.sf.dump.%s", (char *)mDisplayName);
if ((property_get("debug.sf.dump.enable", dumpPropStr, NULL) > 0)) {
if(!strncmp(dumpPropStr, "true", strlen("true"))) {
@@ -113,7 +114,7 @@
if ((property_get("debug.sf.dump.png", dumpPropStr, NULL) > 0) &&
(strncmp(dumpPropStr, mDumpPropStrPng, PROPERTY_VALUE_MAX - 1))) {
// Strings exist & not equal implies it has changed, so trigger a dump
- strncpy(mDumpPropStrPng, dumpPropStr, PROPERTY_VALUE_MAX - 1);
+ strlcpy(mDumpPropStrPng, dumpPropStr, sizeof(mDumpPropStrPng));
mDumpCntLimPng = atoi(dumpPropStr);
if (mDumpCntLimPng > MAX_ALLOWED_FRAMEDUMPS) {
ALOGW("Warning: Using debug.sf.dump.png %d (= max)",
@@ -122,7 +123,7 @@
}
mDumpCntLimPng = (mDumpCntLimPng < 0) ? 0: mDumpCntLimPng;
if (mDumpCntLimPng) {
- sprintf(mDumpDirPng,
+ snprintf(mDumpDirPng, sizeof(mDumpDirPng),
"/data/sfdump.png.%04d.%02d.%02d.%02d.%02d.%02d",
dumpTime.tm_year + 1900, dumpTime.tm_mon + 1,
dumpTime.tm_mday, dumpTime.tm_hour,
@@ -143,7 +144,7 @@
if ((property_get("debug.sf.dump", dumpPropStr, NULL) > 0) &&
(strncmp(dumpPropStr, mDumpPropStrRaw, PROPERTY_VALUE_MAX - 1))) {
// Strings exist & not equal implies it has changed, so trigger a dump
- strncpy(mDumpPropStrRaw, dumpPropStr, PROPERTY_VALUE_MAX - 1);
+ strlcpy(mDumpPropStrRaw, dumpPropStr, sizeof(mDumpPropStrRaw));
mDumpCntLimRaw = atoi(dumpPropStr);
if (mDumpCntLimRaw > MAX_ALLOWED_FRAMEDUMPS) {
ALOGW("Warning: Using debug.sf.dump %d (= max)",
@@ -152,7 +153,7 @@
}
mDumpCntLimRaw = (mDumpCntLimRaw < 0) ? 0: mDumpCntLimRaw;
if (mDumpCntLimRaw) {
- sprintf(mDumpDirRaw,
+ snprintf(mDumpDirRaw, sizeof(mDumpDirRaw),
"/data/sfdump.raw.%04d.%02d.%02d.%02d.%02d.%02d",
dumpTime.tm_year + 1900, dumpTime.tm_mon + 1,
dumpTime.tm_mday, dumpTime.tm_hour,
@@ -277,11 +278,13 @@
bool needDumpRaw = (mDumpCntrRaw <= mDumpCntLimRaw)? true:false;
if (needDumpPng) {
- sprintf(dumpLogStrPng, "[png-dump-frame: %03d of %03d]", mDumpCntrPng,
+ snprintf(dumpLogStrPng, sizeof(dumpLogStrPng),
+ "[png-dump-frame: %03d of %03d]", mDumpCntrPng,
mDumpCntLimPng);
}
if (needDumpRaw) {
- sprintf(dumpLogStrRaw, "[raw-dump-frame: %03d of %03d]", mDumpCntrRaw,
+ snprintf(dumpLogStrRaw, sizeof(dumpLogStrRaw),
+ "[raw-dump-frame: %03d of %03d]", mDumpCntrRaw,
mDumpCntLimRaw);
}
@@ -311,7 +314,8 @@
char dumpFilename[PATH_MAX];
SkBitmap *tempSkBmp = new SkBitmap();
SkBitmap::Config tempSkBmpConfig = SkBitmap::kNo_Config;
- sprintf(dumpFilename, "%s/sfdump%03d.layer%zu.%s.png", mDumpDirPng,
+ snprintf(dumpFilename, sizeof(dumpFilename),
+ "%s/sfdump%03d.layer%d.%s.png", mDumpDirPng,
mDumpCntrPng, layerIndex, mDisplayName);
switch (hnd->format) {
@@ -347,7 +351,8 @@
if (needDumpRaw && hnd->base) {
char dumpFilename[PATH_MAX];
bool bResult = false;
- sprintf(dumpFilename, "%s/sfdump%03d.layer%zu.%dx%d.%s.%s.raw",
+ snprintf(dumpFilename, sizeof(dumpFilename),
+ "%s/sfdump%03d.layer%d.%dx%d.%s.%s.raw",
mDumpDirRaw, mDumpCntrRaw,
layerIndex, getWidth(hnd), getHeight(hnd),
pixFormatStr, mDisplayName);
@@ -369,65 +374,65 @@
switch(format) {
case HAL_PIXEL_FORMAT_RGBA_8888:
- strcpy(pixFormatStr, "RGBA_8888");
+ strlcpy(pixFormatStr, "RGBA_8888", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_RGBX_8888:
- strcpy(pixFormatStr, "RGBX_8888");
+ strlcpy(pixFormatStr, "RGBX_8888", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_RGB_888:
- strcpy(pixFormatStr, "RGB_888");
+ strlcpy(pixFormatStr, "RGB_888", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_RGB_565:
- strcpy(pixFormatStr, "RGB_565");
+ strlcpy(pixFormatStr, "RGB_565", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_BGRA_8888:
- strcpy(pixFormatStr, "BGRA_8888");
+ strlcpy(pixFormatStr, "BGRA_8888", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_YV12:
- strcpy(pixFormatStr, "YV12");
+ strlcpy(pixFormatStr, "YV12", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_YCbCr_422_SP:
- strcpy(pixFormatStr, "YCbCr_422_SP_NV16");
+ strlcpy(pixFormatStr, "YCbCr_422_SP_NV16", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_YCrCb_420_SP:
- strcpy(pixFormatStr, "YCrCb_420_SP_NV21");
+ strlcpy(pixFormatStr, "YCrCb_420_SP_NV21", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_YCbCr_422_I:
- strcpy(pixFormatStr, "YCbCr_422_I_YUY2");
+ strlcpy(pixFormatStr, "YCbCr_422_I_YUY2", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_YCrCb_422_I:
- strlcpy(pixFormatStr, "YCrCb_422_I_YVYU",
- sizeof("YCrCb_422_I_YVYU"));
+ strlcpy(pixFormatStr, "YCrCb_422_I_YVYU", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_NV12_ENCODEABLE:
- strcpy(pixFormatStr, "NV12_ENCODEABLE");
+ strlcpy(pixFormatStr, "NV12_ENCODEABLE", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_YCbCr_420_SP_TILED:
- strcpy(pixFormatStr, "YCbCr_420_SP_TILED_TILE_4x2");
+ strlcpy(pixFormatStr, "YCbCr_420_SP_TILED_TILE_4x2",
+ sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_YCbCr_420_SP:
- strcpy(pixFormatStr, "YCbCr_420_SP");
+ strlcpy(pixFormatStr, "YCbCr_420_SP", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_YCrCb_420_SP_ADRENO:
- strcpy(pixFormatStr, "YCrCb_420_SP_ADRENO");
+ strlcpy(pixFormatStr, "YCrCb_420_SP_ADRENO", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_YCrCb_422_SP:
- strcpy(pixFormatStr, "YCrCb_422_SP");
+ strlcpy(pixFormatStr, "YCrCb_422_SP", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_R_8:
- strcpy(pixFormatStr, "R_8");
+ strlcpy(pixFormatStr, "R_8", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_RG_88:
- strcpy(pixFormatStr, "RG_88");
+ strlcpy(pixFormatStr, "RG_88", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_INTERLACE:
- strcpy(pixFormatStr, "INTERLACE");
+ strlcpy(pixFormatStr, "INTERLACE", sizeof(pixFormatStr));
break;
case HAL_PIXEL_FORMAT_YCbCr_420_SP_VENUS:
- strcpy(pixFormatStr, "YCbCr_420_SP_VENUS");
+ strlcpy(pixFormatStr, "YCbCr_420_SP_VENUS", sizeof(pixFormatStr));
break;
default:
- sprintf(pixFormatStr, "Unknown0x%X", format);
+ snprintf(pixFormatStr, sizeof(pixFormatStr), "Unknown0x%X", format);
break;
}
}
diff --git a/libhwcomposer/hwc_fbupdate.cpp b/libhwcomposer/hwc_fbupdate.cpp
index b81494d..78a05e9 100644
--- a/libhwcomposer/hwc_fbupdate.cpp
+++ b/libhwcomposer/hwc_fbupdate.cpp
@@ -45,7 +45,7 @@
}
IFBUpdate::IFBUpdate(hwc_context_t *ctx, const int& dpy) : mDpy(dpy) {
- size_t size;
+ size_t size = 0;
getBufferAttributes(ctx->dpyAttr[mDpy].xres,
ctx->dpyAttr[mDpy].yres,
HAL_PIXEL_FORMAT_RGBA_8888,
diff --git a/libhwcomposer/hwc_utils.cpp b/libhwcomposer/hwc_utils.cpp
index d94e0e9..e7ead9b 100644
--- a/libhwcomposer/hwc_utils.cpp
+++ b/libhwcomposer/hwc_utils.cpp
@@ -486,7 +486,7 @@
// the position based on the new width and height
if ((extOrientation & HWC_TRANSFORM_ROT_90) &&
isOrientationPortrait(ctx)) {
- hwc_rect_t r;
+ hwc_rect_t r = {0, 0, 0, 0};
//Calculate the position
xRatio = (outPos.x - xPos)/width;
// GetaspectRatio -- tricky to get the correct aspect ratio
@@ -1227,25 +1227,30 @@
for(uint32_t i = 0; i < ctx->mLayerRotMap[dpy]->getCount(); i++) {
int rotFd = ctx->mRotMgr->getRotDevFd();
int rotReleaseFd = -1;
+ overlay::Rotator* currRot = ctx->mLayerRotMap[dpy]->getRot(i);
+ hwc_layer_1_t* currLayer = ctx->mLayerRotMap[dpy]->getLayer(i);
+ if((currRot == NULL) || (currLayer == NULL)) {
+ continue;
+ }
struct mdp_buf_sync rotData;
memset(&rotData, 0, sizeof(rotData));
rotData.acq_fen_fd =
- &ctx->mLayerRotMap[dpy]->getLayer(i)->acquireFenceFd;
+ &currLayer->acquireFenceFd;
rotData.rel_fen_fd = &rotReleaseFd; //driver to populate this
- rotData.session_id = ctx->mLayerRotMap[dpy]->getRot(i)->getSessId();
+ rotData.session_id = currRot->getSessId();
int ret = 0;
ret = ioctl(rotFd, MSMFB_BUFFER_SYNC, &rotData);
if(ret < 0) {
ALOGE("%s: ioctl MSMFB_BUFFER_SYNC failed for rot sync, err=%s",
__FUNCTION__, strerror(errno));
} else {
- close(ctx->mLayerRotMap[dpy]->getLayer(i)->acquireFenceFd);
+ close(currLayer->acquireFenceFd);
//For MDP to wait on.
- ctx->mLayerRotMap[dpy]->getLayer(i)->acquireFenceFd =
+ currLayer->acquireFenceFd =
dup(rotReleaseFd);
//A buffer is free to be used by producer as soon as its copied to
//rotator
- ctx->mLayerRotMap[dpy]->getLayer(i)->releaseFenceFd =
+ currLayer->releaseFenceFd =
rotReleaseFd;
}
}
diff --git a/liboverlay/overlay.cpp b/liboverlay/overlay.cpp
index 6feffc4..265aa9f 100644
--- a/liboverlay/overlay.cpp
+++ b/liboverlay/overlay.cpp
@@ -45,7 +45,8 @@
Overlay::Overlay() {
- PipeBook::NUM_PIPES = qdutils::MDPVersion::getInstance().getTotalPipes();
+ int numPipes = qdutils::MDPVersion::getInstance().getTotalPipes();
+ PipeBook::NUM_PIPES = (numPipes <= utils::OV_MAX)? numPipes : utils::OV_MAX;
for(int i = 0; i < PipeBook::NUM_PIPES; i++) {
mPipeBook[i].init();
}
@@ -79,11 +80,11 @@
//fds
if(mPipeBook[i].valid()) {
char str[32];
- sprintf(str, "Unset=%s dpy=%d mix=%d; ",
+ snprintf(str, 32, "Unset=%s dpy=%d mix=%d; ",
PipeBook::getDestStr((eDest)i),
mPipeBook[i].mDisplay, mPipeBook[i].mMixer);
#if PIPE_DEBUG
- strncat(mDumpStr, str, strlen(str));
+ strlcat(mDumpStr, str, sizeof(mDumpStr));
#endif
}
mPipeBook[i].destroy();
@@ -146,7 +147,7 @@
snprintf(str, 32, "Set=%s dpy=%d mix=%d; ",
PipeBook::getDestStr(dest), dpy, mixer);
#if PIPE_DEBUG
- strncat(mDumpStr, str, strlen(str));
+ strlcat(mDumpStr, str, sizeof(mDumpStr));
#endif
}
} else {
@@ -396,19 +397,19 @@
void Overlay::getDump(char *buf, size_t len) {
int totalPipes = 0;
const char *str = "\nOverlay State\n\n";
- strncat(buf, str, strlen(str));
+ strlcat(buf, str, len);
for(int i = 0; i < PipeBook::NUM_PIPES; i++) {
if(mPipeBook[i].valid()) {
mPipeBook[i].mPipe->getDump(buf, len);
char str[64] = {'\0'};
snprintf(str, 64, "Display=%d\n\n", mPipeBook[i].mDisplay);
- strncat(buf, str, strlen(str));
+ strlcat(buf, str, len);
totalPipes++;
}
}
char str_pipes[64] = {'\0'};
snprintf(str_pipes, 64, "Pipes=%d\n\n", totalPipes);
- strncat(buf, str_pipes, strlen(str_pipes));
+ strlcat(buf, str_pipes, len);
}
void Overlay::clear(int dpy) {
diff --git a/liboverlay/overlayRotator.cpp b/liboverlay/overlayRotator.cpp
index d912dc7..a14980b 100644
--- a/liboverlay/overlayRotator.cpp
+++ b/liboverlay/overlayRotator.cpp
@@ -178,7 +178,7 @@
}
char str[4] = {'\0'};
snprintf(str, 4, "\n");
- strncat(buf, str, strlen(str));
+ strlcat(buf, str, len);
}
int RotMgr::getRotDevFd() {
diff --git a/liboverlay/overlayUtils.cpp b/liboverlay/overlayUtils.cpp
index 5cc4c03..41efc48 100644
--- a/liboverlay/overlayUtils.cpp
+++ b/liboverlay/overlayUtils.cpp
@@ -417,29 +417,29 @@
"V.Deci=%d\n",
prefix, ov.id, ov.z_order, ov.is_fg, ov.alpha,
ov.transp_mask, ov.flags, ov.horz_deci, ov.vert_deci);
- strncat(buf, str, strlen(str));
+ strlcat(buf, str, len);
getDump(buf, len, "\tsrc", ov.src);
getDump(buf, len, "\tsrc_rect", ov.src_rect);
getDump(buf, len, "\tdst_rect", ov.dst_rect);
}
-void getDump(char *buf, size_t /*len*/, const char *prefix,
+void getDump(char *buf, size_t len, const char *prefix,
const msmfb_img& ov) {
char str_src[256] = {'\0'};
snprintf(str_src, 256,
"%s w=%d h=%d format=%d %s\n",
prefix, ov.width, ov.height, ov.format,
overlay::utils::getFormatString(ov.format));
- strncat(buf, str_src, strlen(str_src));
+ strlcat(buf, str_src, len);
}
-void getDump(char *buf, size_t /*len*/, const char *prefix,
+void getDump(char *buf, size_t len, const char *prefix,
const mdp_rect& ov) {
char str_rect[256] = {'\0'};
snprintf(str_rect, 256,
"%s x=%d y=%d w=%d h=%d\n",
prefix, ov.x, ov.y, ov.w, ov.h);
- strncat(buf, str_rect, strlen(str_rect));
+ strlcat(buf, str_rect, len);
}
void getDump(char *buf, size_t len, const char *prefix,
@@ -448,17 +448,17 @@
snprintf(str, 256,
"%s id=%d\n",
prefix, ov.id);
- strncat(buf, str, strlen(str));
+ strlcat(buf, str, len);
getDump(buf, len, "\tdata", ov.data);
}
-void getDump(char *buf, size_t /*len*/, const char *prefix,
+void getDump(char *buf, size_t len, const char *prefix,
const msmfb_data& ov) {
char str_data[256] = {'\0'};
snprintf(str_data, 256,
"%s offset=%d memid=%d id=%d flags=0x%x\n",
prefix, ov.offset, ov.memory_id, ov.id, ov.flags);
- strncat(buf, str_data, strlen(str_data));
+ strlcat(buf, str_data, len);
}
void getDump(char *buf, size_t len, const char *prefix,
@@ -467,7 +467,7 @@
snprintf(str, 256, "%s sessid=%u rot=%d, enable=%d downscale=%d\n",
prefix, rot.session_id, rot.rotations, rot.enable,
rot.downscale_ratio);
- strncat(buf, str, strlen(str));
+ strlcat(buf, str, len);
getDump(buf, len, "\tsrc", rot.src);
getDump(buf, len, "\tdst", rot.dst);
getDump(buf, len, "\tsrc_rect", rot.src_rect);
@@ -479,7 +479,7 @@
snprintf(str, 256,
"%s sessid=%u\n",
prefix, rot.session_id);
- strncat(buf, str, strlen(str));
+ strlcat(buf, str, len);
getDump(buf, len, "\tsrc", rot.src);
getDump(buf, len, "\tdst", rot.dst);
}
diff --git a/liboverlay/overlayUtils.h b/liboverlay/overlayUtils.h
index 24fba33..c558cf3 100644
--- a/liboverlay/overlayUtils.h
+++ b/liboverlay/overlayUtils.h
@@ -816,7 +816,7 @@
inline void OvFD::setPath(const char* const dev)
{
- ::strncpy(mPath, dev, utils::MAX_PATH_LEN);
+ ::strlcpy(mPath, dev, sizeof(mPath));
}
inline bool OvFD::close()
diff --git a/liboverlay/overlayWriteback.cpp b/liboverlay/overlayWriteback.cpp
index fdead74..08af00f 100644
--- a/liboverlay/overlayWriteback.cpp
+++ b/liboverlay/overlayWriteback.cpp
@@ -261,7 +261,7 @@
utils::getDump(buf, len, "WBData", sWb->mFbData);
char str[4] = {'\0'};
snprintf(str, 4, "\n");
- strncat(buf, str, strlen(str));
+ strlcat(buf, str, len);
return true;
}
return false;
diff --git a/libqdutils/mdp_version.cpp b/libqdutils/mdp_version.cpp
index 9e36980..31c9155 100644
--- a/libqdutils/mdp_version.cpp
+++ b/libqdutils/mdp_version.cpp
@@ -246,6 +246,7 @@
if(fp){
//Format "left right" space as delimiter
if(fread(split, sizeof(char), 64, fp)) {
+ split[sizeof(split) - 1] = '\0';
mSplit.mLeft = atoi(split);
ALOGI_IF(mSplit.mLeft, "Left Split=%d", mSplit.mLeft);
char *rght = strpbrk(split, " ");
diff --git a/libqservice/IQService.cpp b/libqservice/IQService.cpp
index 096444f..f0d7576 100644
--- a/libqservice/IQService.cpp
+++ b/libqservice/IQService.cpp
@@ -123,7 +123,7 @@
snprintf(buf, size, "/proc/%d/cmdline", pid);
fd = open(buf, O_RDONLY);
if (fd < 0) {
- strcpy(buf, "Unknown");
+ strlcpy(buf, "Unknown", size);
} else {
int len = read(fd, buf, size - 1);
buf[len] = 0;
diff --git a/libvirtual/virtual.cpp b/libvirtual/virtual.cpp
index 342044c..795d8a1 100644
--- a/libvirtual/virtual.cpp
+++ b/libvirtual/virtual.cpp
@@ -191,7 +191,7 @@
getFbForDpy(HWC_DISPLAY_VIRTUAL);
char strDevPath[MAX_SYSFS_FILE_PATH];
- sprintf(strDevPath,"/dev/graphics/fb%d", fbNum);
+ snprintf(strDevPath,sizeof(strDevPath), "/dev/graphics/fb%d", fbNum);
mFd = open(strDevPath, O_RDWR);
if(mFd < 0) {