Created attachment 8439155: libhwcomposer-off-by-one.diff. This is only for debug build.
Michael, do you review and own this code? Or, who should I talk to?
You should talk to Diego about this.
Diego, had you fixed this bug? It causes memory corruption. In my case, it corrupts internal data of jemalloc by overflowing over several kilobytes.
I am not getting the context of this bug. I have the user-debug build and if I log the string "mDisplayName" after strncpy(), I see the display name. I also tried with attached patch, but same output. OR does the bug point to set "Virtual" when dpy is 2?
Flags: needinfo?(sushilchauhan) → needinfo?(tlee)
For mDisplayName is not initialized, it could be filled with random values. strncpy() copies first n chars of the source string to the destination, and appends a null char to the destination only if the length of the source is smaller than n; i.e. strlen(src) < n. It means to be suffixed with random data if the memory allocator does not clear out the memory since strlen(src) == n in this case. Not all memory allocators do clearing except using calloc(). Is it enough to explain the issue here?
Flags: needinfo?(tlee) → needinfo?(sushilchauhan)
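The strncpy() termination rule described in the comment above, shown as an added example that is not part of this bug thread or of the HAL code; the buffer size NAME_LEN, the function names and the pre-filled "uninitialised" buffer are assumptions made for the demonstration:

```c
#include <stdio.h>
#include <string.h>

/* Assumed size of the name buffer; the real HAL value is not given on the page. */
#define NAME_LEN 8

/* Returns 1 if a NUL byte exists within the first n bytes of buf, else 0.
 * memchr() is bounded, so this check never reads past the buffer itself. */
int is_terminated(const char *buf, size_t n) {
    return memchr(buf, '\0', n) != NULL;
}

/* Bug pattern: strncpy() with n == sizeof(dst). When strlen(src) >= n, no NUL
 * is written, so a later strlen()/printf("%s") on dst reads past its end. */
void copy_name_unsafe(char dst[NAME_LEN], const char *src) {
    strncpy(dst, src, NAME_LEN);
}

/* Hardened form: copy at most NAME_LEN-1 bytes and always write the terminator. */
void copy_name_safe(char dst[NAME_LEN], const char *src) {
    strncpy(dst, src, NAME_LEN - 1);
    dst[NAME_LEN - 1] = '\0';
}

/* The buffer is filled with non-zero bytes first to mimic an allocation from an
 * allocator that does not clear memory (the situation the comment describes). */
int unsafe_leaves_unterminated(const char *src) {
    char buf[NAME_LEN];
    memset(buf, 'X', sizeof buf);
    copy_name_unsafe(buf, src);
    return !is_terminated(buf, sizeof buf);
}

/* Returns the resulting string length after the hardened copy (always < NAME_LEN). */
int safe_copy_len(const char *src) {
    char buf[NAME_LEN];
    memset(buf, 'X', sizeof buf);
    copy_name_safe(buf, src);
    return is_terminated(buf, sizeof buf) ? (int)strlen(buf) : -1;
}

int main(void) {
    printf("\"Virtual\" (7 chars) into %d bytes: unterminated=%d\n", NAME_LEN,
           unsafe_leaves_unterminated("Virtual"));   /* 0: room left for the NUL */
    printf("\"Virtual1\" (8 chars) into %d bytes: unterminated=%d\n", NAME_LEN,
           unsafe_leaves_unterminated("Virtual1"));  /* 1: strlen(src) == n, no NUL */
    printf("hardened copy of \"Virtual display\": len=%d\n",
           safe_copy_len("Virtual display"));         /* 7: truncated, terminated */
    return 0;
}
```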
Thanks. I will fix it in HAL.
Fix had landed in HAL on CAF: https://www.codeaurora.org/cgit/quic/la/platform/hardware/qcom/display/commit/?h=b2g_kk_3.5&id=f0366091389b3f0648a92e6a7173237937bc0393
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1034146