From f7690d919633b70a3109993a8aabf6dc76371efd Mon Sep 17 00:00:00 2001
From: Mark Salyzyn <salyzyn@google.com>
Date: Fri, 12 May 2017 13:01:47 -0700
Subject: [PATCH] liblog: tests: crashes in logcat.descriptive

scanTagLine has some loops that do not check for a terminating nul,
problematic for responses from the logger via __getEventTag.

Test: gTest logcat-unit-tests --gtest_filter=*.descriptive
Bug: 37791296
Change-Id: Ib4e900b765b407bdee43e009d6625fe289863ddc
---
 liblog/event_tag_map.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/liblog/event_tag_map.cpp b/liblog/event_tag_map.cpp
index 5fc7e3516..83064fde3 100644
--- a/liblog/event_tag_map.cpp
+++ b/liblog/event_tag_map.cpp
@@ -297,9 +297,9 @@ static int scanTagLine(EventTagMap* map, const char*& pData, int lineNum) {
   while (isspace(*cp) && (*cp != '\n')) ++cp;
   const char* fmt = NULL;
   size_t fmtLen = 0;
-  if (*cp != '#') {
+  if (*cp && (*cp != '#')) {
     fmt = cp;
-    while ((*cp != '\n') && (*cp != '#')) ++cp;
+    while (*cp && (*cp != '\n') && (*cp != '#')) ++cp;
     while ((cp > fmt) && isspace(*(cp - 1))) --cp;
     fmtLen = cp - fmt;
   }
@@ -309,7 +309,7 @@ static int scanTagLine(EventTagMap* map, const char*& pData, int lineNum) {
   // recorded for the same uid, but recording that
   // unused detail in our database is too burdensome.
   bool verbose = true;
-  while ((*cp != '#') && (*cp != '\n')) ++cp;
+  while (*cp && (*cp != '#') && (*cp != '\n')) ++cp;
   if (*cp == '#') {
     do {
       ++cp;
@@ -317,7 +317,7 @@ static int scanTagLine(EventTagMap* map, const char*& pData, int lineNum) {
     verbose = !!fastcmp<strncmp>(cp, "uid=", strlen("uid="));
   }
 
-  while (*cp != '\n') ++cp;
+  while (*cp && (*cp != '\n')) ++cp;
 #ifdef DEBUG
   fprintf(stderr, "%d: %p: %.*s\n", lineNum, tag, (int)(cp - pData), pData);
 #endif