diff options
| author | Jean-Baptiste Queru <jbq@google.com> | 2010-07-29 11:00:02 -0700 |
|---|---|---|
| committer | Android Code Review <code-review@android.com> | 2010-07-29 11:00:02 -0700 |
| commit | c37ba1c916d73fbf35c6faba1e252e2916d2d41d (patch) | |
| tree | 01e283889497c54c6125bc71fdd3a0d9705f8a88 /fastboot/engine.c | |
| parent | 96a2bb622d38f3c875997e4cacb423fa9ef4ea76 (diff) | |
| parent | 50b3995d027b53f24bbba099b3b6884d5845b614 (diff) | |
Merge "Check fastboot oem command line length"
Diffstat (limited to 'fastboot/engine.c')
| -rw-r--r-- | fastboot/engine.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/fastboot/engine.c b/fastboot/engine.c index 6d62c6e222..dc74417a7b 100644 --- a/fastboot/engine.c +++ b/fastboot/engine.c @@ -97,14 +97,20 @@ static Action *queue_action(unsigned op, const char *fmt, ...) { Action *a; va_list ap; + size_t cmdsize; a = calloc(1, sizeof(Action)); if (a == 0) die("out of memory"); va_start(ap, fmt); - vsprintf(a->cmd, fmt, ap); + cmdsize = vsnprintf(a->cmd, sizeof(a->cmd), fmt, ap); va_end(ap); + if (cmdsize >= sizeof(a->cmd)) { + free(a); + die("Command length (%d) exceeds maximum size (%d)", cmdsize, sizeof(a->cmd)); + } + if (action_last) { action_last->next = a; } else { |