Google Git
Sign in
android / platform / bootable / recovery / c5631fc
commitc5631fc09666a9542d2882299d40500d18d1f68c[log] [tgz]
authorDaniel Micay <danielmicay@gmail.com>Tue Jan 12 16:54:44 2016 -0500
committerTao Bao <tbao@google.com>Tue Jan 12 14:08:34 2016 -0800
tree859048a2d46b59a374a3eee9f9298e3b179b03db
parent6f8b9b60dbf2d73e0ee6e757d565035f017e1ccd [diff]
uncrypt: avoid use-after-free

The `std::string package` variable goes out of scope but the input_path
variable is then used to access the memory as it's set to `c_str()`.

This was detected via OpenBSD malloc's junk filling feature.

Change-Id: Ic4b939347881b6ebebf71884e7e2272ce99510e2
1 file changed
tree: 859048a2d46b59a374a3eee9f9298e3b179b03db
  1. applypatch/
  2. edify/
  3. etc/
  4. fonts/
  5. minadbd/
  6. minui/
  7. minzip/
  8. mtdutils/
  9. res-hdpi/
  10. res-mdpi/
  11. res-xhdpi/
  12. res-xxhdpi/
  13. res-xxxhdpi/
  14. testdata/
  15. tests/
  16. tools/
  17. uncrypt/
  18. update_verifier/
  19. updater/
  20. res-560dpires-xxhdpi
  21. adb_install.cpp
  22. adb_install.h
  23. Android.mk
  24. asn1_decoder.cpp
  25. asn1_decoder.h
  26. bootloader.cpp
  27. bootloader.h
  28. CleanSpec.mk
  29. common.h
  30. default_device.cpp
  31. device.cpp
  32. device.h
  33. fuse_sdcard_provider.cpp
  34. fuse_sdcard_provider.h
  35. fuse_sideload.cpp
  36. fuse_sideload.h
  37. install.cpp
  38. install.h
  39. interlace-frames.py
  40. NOTICE
  41. print_sha1.h
  42. README.md
  43. recovery.cpp
  44. roots.cpp
  45. roots.h
  46. screen_ui.cpp
  47. screen_ui.h
  48. ui.cpp
  49. ui.h
  50. unique_fd.h
  51. verifier.cpp
  52. verifier.h
  53. verifier_test.cpp
  54. verifier_test.sh
  55. wear_ui.cpp
  56. wear_ui.h
README.md

The Recovery Image

Quick turn-around testing

mm -j && m ramdisk-nodeps && m recoveryimage-nodeps

# To boot into the new recovery image
# without flashing the recovery partition:
adb reboot bootloader
fastboot boot $ANDROID_PRODUCT_OUT/recovery.img