logger: validate hdr_size field in logger entry - check hdr_size to make sure it is in the expected range from sizeof entry_v1 to entry (entry_v4). - alter msg() method to report NULL on invalid hdr_size - alter all users of msg() method. Bug: 30947841 Change-Id: I9bc1740d7aa9f37df5be966c18de1fb9de63d5dd

commit: 305374cf0f8cf28b58a108cf4f45df92fc0dde86 [log] [tgz]
author: Mark Salyzyn <salyzyn@google.com> Thu Aug 18 14:59:41 2016 -0700
committer: Mark Salyzyn <salyzyn@google.com> Tue Aug 23 14:51:50 2016 -0700
tree: 4f7ae56a180ae568508f5da1f4f83e25a054d712
parent: 82b67fff06363c8e7a17058cb5ce748f21a27f11 [diff] [blame]
diff --git a/liblog/pmsg_reader.c b/liblog/pmsg_reader.c
index a4eec65..679c159 100644
--- a/liblog/pmsg_reader.c
+++ b/liblog/pmsg_reader.c

@@ -343,6 +343,10 @@
         char *msg = (char *)&transp.logMsg + hdr_size;
         char *split = NULL;
 
+        if ((hdr_size < sizeof(transp.logMsg.entry_v1)) ||
+                (hdr_size > sizeof(transp.logMsg.entry))) {
+            continue;
+        }
         /* Check for invalid sequence number */
         if ((transp.logMsg.entry.nsec % ANDROID_LOG_PMSG_FILE_SEQUENCE) ||
                 ((transp.logMsg.entry.nsec / ANDROID_LOG_PMSG_FILE_SEQUENCE) >=
commit	305374cf0f8cf28b58a108cf4f45df92fc0dde86	[log] [tgz]
author	Mark Salyzyn <salyzyn@google.com>	Thu Aug 18 14:59:41 2016 -0700
committer	Mark Salyzyn <salyzyn@google.com>	Tue Aug 23 14:51:50 2016 -0700
tree	4f7ae56a180ae568508f5da1f4f83e25a054d712
parent	82b67fff06363c8e7a17058cb5ce748f21a27f11 [diff] [blame]