diff --git a/crashlog/config.c b/crashlog/config.c index 950d444..1b8f341 100644 --- a/crashlog/config.c +++ b/crashlog/config.c @@ -98,7 +98,7 @@ static void add_section(char *config, pconfig_handle conf_handle) { conf_handle->current->next = newsect; } conf_handle->current = newsect; - newsect->name = malloc(strlen(config)); + newsect->name = malloc(strlen(config) + 1); if(!newsect->name) { if(newsect) { free(newsect); diff --git a/crashlog/crashutils.c b/crashlog/crashutils.c index d7be121..6775773 100755 --- a/crashlog/crashutils.c +++ b/crashlog/crashutils.c @@ -164,13 +164,14 @@ unsigned long long get_uptime(int refresh, int *error) // Find system last kmsg from dropbox static int find_system_last_kmsg(char *source, int source_length) { struct dirent *entry; - DIR *dir = opendir(DROPBOX_DIR); + DIR *dir; int file_exist = 0; if (source == NULL) { LOGE("source is NULL.\n"); return file_exist; } + dir = opendir(DROPBOX_DIR); if (dir == NULL) { LOGE("No such directory: %s\n",DROPBOX_DIR); return file_exist; @@ -188,9 +189,9 @@ static int find_system_last_kmsg(char *source, int source_length) { } void do_last_kmsg_copy(char *dir) { - char destion[PATHMAX]; - char source[PATHMAX]; + char source[PATHMAX] = {0}; char sourcepath[PATHMAX]; + char destion[PATHMAX]; if ( file_exists(LAST_KMSG) ) { snprintf(destion, sizeof(destion), "%s/%s", dir, LAST_KMSG_FILE); @@ -206,7 +207,7 @@ void do_last_kmsg_copy(char *dir) { snprintf(destion, sizeof(destion), "%s/%s", dir, FTRACE_RAMOOPS_FILE); do_copy_tail(FTRACE_RAMOOPS, destion, MAXFILESIZE); } - if (find_system_last_kmsg(&source, sizeof(source))) { + if (find_system_last_kmsg(source, sizeof(source))) { snprintf(destion, sizeof(destion), "%s/%s", dir, source); snprintf(sourcepath, sizeof(sourcepath), "%s/%s", DROPBOX_DIR, source); do_copy_tail(sourcepath, destion, MAXFILESIZE); diff --git a/crashlog/inotify_handler.c b/crashlog/inotify_handler.c index 677e42b..07537b1 100755 --- a/crashlog/inotify_handler.c +++ b/crashlog/inotify_handler.c @@ -392,6 +392,12 @@ int receive_inotify_events(int inotify_fd) { } /* copy the last bytes received */ memcpy(lastevent, buffer, len); + /* Ensure there is enough space in the buffer for missing_bytes */ + if (len + missing_bytes > sizeof(lastevent)) { + LOGE("%s: Buffer overflow prevented. The lastevent buffer is too small to hold the additional data.\n", + __FUNCTION__); + return -1; + } /* now, reads the full last event, including its name field */ res = read(inotify_fd, &lastevent[len], missing_bytes); if ( res != missing_bytes ) { diff --git a/crashlog/main.c b/crashlog/main.c index 39c6349..b222808 100755 --- a/crashlog/main.c +++ b/crashlog/main.c @@ -694,7 +694,7 @@ int do_monitor() { return -1; } else if( get_missing_watched_dir_nb() ) { /* One or several directories couldn't have been added to inotify watcher */ - handle_missing_watched_dir(file_monitor_fd); + handle_missing_watched_dir(); } /* Set the inotify event callbacks */ diff --git a/crashlog/panic.c b/crashlog/panic.c index 62e9421..edc0370 100644 --- a/crashlog/panic.c +++ b/crashlog/panic.c @@ -59,6 +59,9 @@ static int check_aplogs_tobackup(char *filename) { LOGE("%s: Cannot transform the property %s(which is %s) into an array... error is %d - %s\n", __FUNCTION__, PROP_IPANIC_PATTERN, ipanic_chain, nbpatterns, strerror(-nbpatterns)); /* allocated memory is freed in commachain_to_fixedarray */ + if (patterns_array_32) { + free(patterns_array_32); + } return 0; } if (nbpatterns == 0) { diff --git a/crashlog/watchdog.c b/crashlog/watchdog.c index 91bc997..d6f68eb 100644 --- a/crashlog/watchdog.c +++ b/crashlog/watchdog.c @@ -118,7 +118,7 @@ static void crashlog_wd_handler(int signal, int enable_watchdog(unsigned int timeout) { struct sigaction sigact; - struct sigevent sevp; + struct sigevent sevp = {0}; struct itimerspec; if (timeout == 0)