Fix potential format string vulnerability A sensor name containing a format string could have interesting side effects... Change-Id: If7f1378aa68572d9716c339728eab18faa6b9f2a Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>

commit: 5f6199373dc1e07d2ee5edbae7ecfa08a065492e [log] [tgz]
author: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org> Mon Nov 17 21:06:20 2014 +0100
committer: Chih-Hung Hsieh <chh@google.com> Mon Nov 24 16:59:39 2014 -0800
tree: fa694bbcaf800818067bf7b839b43126cb4a253a
parent: 2e42a90653abd0fc8a76909b5f101782d187136e [diff] [blame]
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
index dc8fa64..9b2acea 100644
--- a/services/sensorservice/SensorService.cpp
+++ b/services/sensorservice/SensorService.cpp

@@ -617,12 +617,9 @@
         if (canAccessSensor(sensor)) {
             accessibleSensorList.add(sensor);
         } else {
-            String8 infoMessage;
-            infoMessage.appendFormat(
-                    "Skipped sensor %s because it requires permission %s",
-                    sensor.getName().string(),
-                    sensor.getRequiredPermission().string());
-            ALOGI(infoMessage.string());
+            ALOGI("Skipped sensor %s because it requires permission %s",
+                  sensor.getName().string(),
+                  sensor.getRequiredPermission().string());
         }
     }
     return accessibleSensorList;
commit	5f6199373dc1e07d2ee5edbae7ecfa08a065492e	[log] [tgz]
author	Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>	Mon Nov 17 21:06:20 2014 +0100
committer	Chih-Hung Hsieh <chh@google.com>	Mon Nov 24 16:59:39 2014 -0800
tree	fa694bbcaf800818067bf7b839b43126cb4a253a
parent	2e42a90653abd0fc8a76909b5f101782d187136e [diff] [blame]