From 039976e553f261c5c43f9bfc295c31b9f6189ffc Mon Sep 17 00:00:00 2001 From: Christopher Ferris Date: Thu, 5 May 2016 11:21:11 -0700 Subject: Fix null pointer dereference. In the function dump_thread_info, if /proc//comm is unreadable, then threadname will be used in a strncmp causing a crash. The fix is to avoid the check if threadname is null. Bug: 28615417 Change-Id: I54eda86404c927dbf5a987f5dd2108487df9f16c --- debuggerd/tombstone.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'debuggerd') diff --git a/debuggerd/tombstone.cpp b/debuggerd/tombstone.cpp index d802c8c07..f0d3b1f33 100644 --- a/debuggerd/tombstone.cpp +++ b/debuggerd/tombstone.cpp @@ -202,7 +202,7 @@ static void dump_signal_info(log_t* log, pid_t tid, int signal, int si_code) { static void dump_thread_info(log_t* log, pid_t pid, pid_t tid) { char path[64]; char threadnamebuf[1024]; - char* threadname = NULL; + char* threadname = nullptr; FILE *fp; snprintf(path, sizeof(path), "/proc/%d/comm", tid); @@ -218,13 +218,13 @@ static void dump_thread_info(log_t* log, pid_t pid, pid_t tid) { } // Blacklist logd, logd.reader, logd.writer, logd.auditd, logd.control ... static const char logd[] = "logd"; - if (!strncmp(threadname, logd, sizeof(logd) - 1) + if (threadname != nullptr && !strncmp(threadname, logd, sizeof(logd) - 1) && (!threadname[sizeof(logd) - 1] || (threadname[sizeof(logd) - 1] == '.'))) { log->should_retrieve_logcat = false; } char procnamebuf[1024]; - char* procname = NULL; + char* procname = nullptr; snprintf(path, sizeof(path), "/proc/%d/cmdline", pid); if ((fp = fopen(path, "r"))) { -- cgit v1.2.2-2-gfde8