logd: identical check access message data out of range
(cherry pick from commit 22712428b825951e8a4b38f0482a7cc397e5cd78)
Discovered while running AddressSanitizer, binary events were fed
into logd that were smaller than the binary event string header.
Fix is to check the buffer sizes before performing the memcmp
operation.
Test: compile
Bug: 74574189
Change-Id: Ic01ef6fb0725258d9f39bbdca582ed648a1adc5d
diff --git a/logd/LogBuffer.cpp b/logd/LogBuffer.cpp
index b8af2f0..a78319f 100644
--- a/logd/LogBuffer.cpp
+++ b/logd/LogBuffer.cpp
@@ -171,7 +171,9 @@
}
// audit message (except sequence number) identical?
- if (last->isBinary()) {
+ if (last->isBinary() &&
+ (lenl > static_cast<ssize_t>(sizeof(android_log_event_string_t))) &&
+ (lenr > static_cast<ssize_t>(sizeof(android_log_event_string_t)))) {
if (fastcmp<memcmp>(msgl, msgr, sizeof(android_log_event_string_t) -
sizeof(int32_t))) {
return DIFFERENT;