Merge "Fix Heap Corruption from too long of a TAG"

commit: fd7ebb367330ea3b999ca9c2a48431c437c05f67 [log] [tgz]
author: Andy McFadden <fadden@android.com> Tue Mar 02 11:14:39 2010 -0800
committer: Android Code Review <code-review@android.com> Tue Mar 02 11:14:39 2010 -0800
tree: 89f17ac4d6821cf549df1cb840bcbda864b09d16
parent: d6391c6aaaa40c20761b7a2a8d4be115163e4194 [diff]
parent: b45b5c9f227473050ef785d11e518e947c8754fb [diff]
diff --git a/liblog/logprint.c b/liblog/logprint.c
index 080f9e3..acfa9f4 100644
--- a/liblog/logprint.c
+++ b/liblog/logprint.c

@@ -753,6 +753,16 @@
             suffixLen = 1;
             break;
     }
+    /* snprintf has a weird return value.   It returns what would have been
+     * written given a large enough buffer.  In the case that the prefix is
+     * longer then our buffer(128), it messes up the calculations below
+     * possibly causing heap corruption.  To avoid this we double check and
+     * set the length at the maximum (size minus null byte)
+     */
+    if(prefixLen >= sizeof(prefixBuf))
+        prefixLen = sizeof(prefixBuf) - 1;
+    if(suffixLen >= sizeof(suffixBuf))
+        suffixLen = sizeof(suffixBuf) - 1;
 
     /* the following code is tragically unreadable */
commit	fd7ebb367330ea3b999ca9c2a48431c437c05f67	[log] [tgz]
author	Andy McFadden <fadden@android.com>	Tue Mar 02 11:14:39 2010 -0800
committer	Android Code Review <code-review@android.com>	Tue Mar 02 11:14:39 2010 -0800
tree	89f17ac4d6821cf549df1cb840bcbda864b09d16
parent	d6391c6aaaa40c20761b7a2a8d4be115163e4194 [diff]
parent	b45b5c9f227473050ef785d11e518e947c8754fb [diff]