[Flame] libhwcomposer of flame has off-by-one error in HwcDebug::HwcDebug().

Status: RESOLVED DUPLICATE of bug 1034146
Product: Firefox OS
Component: Vendcom
Reported / last modified: 4 years ago
Reporter: sinker (Unassigned)
Firefox Tracking Flags: (Not tracked)
Attachments: 1 attachment

Description (Reporter, 4 years ago)

Created attachment 8439155: libhwcomposer-off-by-one.diff

This is only for debug build.

Comment 1 (Reporter, 4 years ago)

Michael, do you review and own this code?  Or, who should I talk to?
Flags: needinfo?(mwu)

Comment 2 (4 years ago)

You should talk to Diego about this.
Flags: needinfo?(mwu)

Comment 3 (4 years ago)

Or Sushil.

Comment 4 (Reporter, 4 years ago)

Diego, have you fixed this bug?  It causes memory corruption.  In my case, it corrupts internal data of jemalloc by overflowing over several kilobytes.
Flags: needinfo?(dwilson)

Updated (4 years ago)

Flags: needinfo?(dwilson) → needinfo?(sushilchauhan)

Comment 5 (4 years ago)

I am not getting the context of this bug. I have the user-debug build and if I log the string "mDisplayName" after strncpy(), I see the display name. I also tried with attached patch, but same output. OR does the bug point to set "Virtual" when dpy is 2?
Flags: needinfo?(sushilchauhan) → needinfo?(tlee)

Comment 6 (Reporter, 4 years ago)

Since mDisplayName is not initialized, it could be filled with random values.  strncpy() copies the first n chars of the source string to the destination, and appends a null char to the destination only if the length of the source is smaller than n; i.e. strlen(src) < n.  It means the string is suffixed with random data if the memory allocator does not clear out the memory, since strlen(src) == n in this case.  Not all memory allocators clear memory, except when using calloc().

Is it enough to explain the issue here?
Flags: needinfo?(tlee) → needinfo?(sushilchauhan)
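
The termination defect comment 6 describes, as an added example that is not code from this bug, its attachment, or the libhwcomposer source: a strncpy() whose bound equals the destination size writes no terminator when strlen(src) == n, so whatever was already in the buffer follows the copied bytes; beside it is the bounded copy that always terminates. The buffer size NAME_LEN, the sample display names and all function names are constructed for the demonstration; the real size of HwcDebug::mDisplayName and the real name strings are not on the page.

```c
#include <stddef.h>
#include <string.h>

/* Constructed buffer size; the real HwcDebug::mDisplayName size is not on the page. */
#define NAME_LEN 8

/* The pattern from the report: strncpy() bounded by the full destination size.
 * When strlen(src) >= n no NUL is written, so dst is not a C string afterwards. */
static void copy_as_reported(char *dst, size_t n, const char *src)
{
    strncpy(dst, src, n);
}

/* Terminating form: copy at most n-1 bytes, then always write the NUL.
 * Names longer than n-1 are truncated rather than left unterminated. */
static void copy_terminated(char *dst, size_t n, const char *src)
{
    if (n == 0)
        return;
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
}

/* 1 if a NUL exists within the first n bytes of buf, i.e. buf is a valid C string. */
static int has_terminator(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Length a string consumer would see, bounded at n so the demonstration itself
 * never reads past the buffer (a real strlen() on an unterminated buffer would). */
static size_t bounded_len(const char *buf, size_t n)
{
    const char *nul = memchr(buf, '\0', n);
    return nul ? (size_t)(nul - buf) : n;
}

/* Copy src with the reported pattern into a buffer pre-filled with 'X', which
 * stands in for uninitialised heap memory (comment 6: allocators other than
 * calloc() need not clear it). Returns whether the result is terminated. */
int reported_copy_is_terminated(const char *src)
{
    char name[NAME_LEN];
    memset(name, 'X', sizeof name);
    copy_as_reported(name, sizeof name, src);
    return has_terminator(name, sizeof name);
}

/* Same check for the terminating copy. */
int fixed_copy_is_terminated(const char *src)
{
    char name[NAME_LEN];
    memset(name, 'X', sizeof name);
    copy_terminated(name, sizeof name, src);
    return has_terminator(name, sizeof name);
}

/* Visible length after the terminating copy: at most NAME_LEN - 1. */
size_t fixed_copy_visible_len(const char *src)
{
    char name[NAME_LEN];
    memset(name, 'X', sizeof name);
    copy_terminated(name, sizeof name, src);
    return bounded_len(name, sizeof name);
}
```

With NAME_LEN 8, a 7-character name such as "Virtual" is terminated by either copy, because strncpy() pads with NUL when the source is shorter than the bound; an 8-character name (constructed here as "Display0") fills every byte under the reported pattern and is left with the 'X' filler, not a NUL, after it. The terminating copy keeps 7 characters and always ends the string.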

Comment 7 (4 years ago)

Thanks. I will fix it in HAL.
Flags: needinfo?(sushilchauhan)

Updated (4 years ago)

Component: General → Vendcom

Comment 8 (4 years ago)

Fix has landed in HAL on CAF: https://www.codeaurora.org/cgit/quic/la/platform/hardware/qcom/display/commit/?h=b2g_kk_3.5&id=f0366091389b3f0648a92e6a7173237937bc0393
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1034146