commit | 68a1cf1a9de115b66bececf892588075595b263f | [log] [tgz] |
---|---|---|
author | Scott Bauer <sbauer@plzdonthack.me> | Thu Apr 06 18:35:40 2017 -0600 |
committer | Jakub Pawlowski <jpawlowski@google.com> | Thu Sep 28 18:30:21 2017 +0000 |
tree | 7cd3d1f1c856625580db6cd62bbfb0ad13015426 | |
parent | 544f7e1be9a1f17da36955539f084b72130d1962 [diff] |
Read the correct amount of attributes bta_gattc_cache_load currently attempts to read 0xFF attributes into an allocation sized to num_attr attributes, which can be smaller than 0xFF. There aren't more than num_attr bytes in correct data, but this breaks with dynamic buffer overflow checking in CopperheadOS for the read system call since fread ends up calling read, which obtains the size of the allocation from the malloc implementation and then aborts due to the (potential) overflow. This would also fail with the default enabled _FORTIFY_SOURCE=2 feature in the Android Open Source Project if osi_malloc was marked with the alloc_size attribute. The way it wraps malloc loses that information so fortify checks aren't done for calls like this. Bug: 37160362 Change-Id: I68bd170d5378c9d9d21cbda376083bc0b857e15c Signed-off-by: Scott Bauer <sbauer@plzdonthack.me> [migrated to C++ file, added 0xFFFF limit and wrote commit message] Signed-off-by: Daniel Micay <danielmicay@gmail.com>
Just build AOSP - Fluoride is there by default.
Instructions for Ubuntu, tested on 14.04 with Clang 3.5.0 and 16.10 with Clang 3.8.0
mkdir ~/fluoride cd ~/fluoride git clone https://android.googlesource.com/platform/system/bt
Install dependencies (require sudo access):
cd ~/fluoride/bt build/install_deps.sh
Then fetch third party dependencies:
cd ~/fluoride/bt mkdir third_party cd third_party git clone https://github.com/google/googletest.git git clone https://android.googlesource.com/platform/external/aac git clone https://android.googlesource.com/platform/external/libchrome git clone https://android.googlesource.com/platform/external/libldac git clone https://android.googlesource.com/platform/external/modp_b64 git clone https://android.googlesource.com/platform/external/tinyxml2 git clone https://android.googlesource.com/platform/hardware/libhardware
And third party dependencies of third party dependencies:
cd fluoride/bt/third_party/libchrome/base/third_party mkdir valgrind cd valgrind curl https://chromium.googlesource.com/chromium/src/base/+/master/third_party/valgrind/valgrind.h?format=TEXT | base64 -d > valgrind.h curl https://chromium.googlesource.com/chromium/src/base/+/master/third_party/valgrind/memcheck.h?format=TEXT | base64 -d > memcheck.h
NOTE: If system/bt is checked out under AOSP, then create symbolic links instead of downloading sources
cd system/bt mkdir third_party cd third_party ln -s ../../../external/aac aac ln -s ../../../external/libchrome libchrome ln -s ../../../external/libldac libldac ln -s ../../../external/modp_b64 modp_b64 ln -s ../../../external/tinyxml2 tinyxml2 ln -s ../../../hardware/libhardware libhardware ln -s ../../../external/googletest googletest
cd ~/fluoride/bt gn gen out/Default
cd ~/fluoride/bt ninja -C out/Default all
This will build all targets (the shared library, executables, tests, etc) and put them in out/Default. To build an individual target, replace “all” with the target of your choice, e.g. ninja -C out/Default net_test_osi
.
cd ~/fluoride/bt/out/Default LD_LIBRARY_PATH=./ ./bluetoothtbd -create-ipc-socket=fluoride
Follows the Chromium project Eclipse Setup Instructions until “Optional: Building inside Eclipse” section (don't do that section, we will set it up differently)
Generate Eclipse settings:
cd system/bt gn gen --ide=eclipse out/Default
In Eclipse, do File->Import->C/C++->C/C++ Project Settings, choose the XML location under system/bt/out/Default
Right click on the project. Go to Preferences->C/C++ Build->Builder Settings. Uncheck “Use default build command”, but instead using “ninja -C out/Default”
Goto Behaviour tab, change clean command to “-t clean”