Go through the code that opens socket in marshmallow, and backport the
SOCK_CLOEXEC usage for AF_NETLINK. In kitkat, SOCK_CLOEXEC is not defined;
therefore I used O_CLOEXEC instead.
Bug: 31242981
Test: mma
Change-Id: I792024c16b84ba3d6666d3df6002c89e0028f4b0
- Make sure the start and end of the data for a given entry are
within the allocated buffer.
- Make sure all central directory entries start and end within the
central directory buffer.
- Reject zip file entries that have no filenames.
bug: 30916186
test: test_zipfile with known bad zip files.
Change-Id: Ibf3f6469e60c85ec1608f5ce613d40867d2d09b7
Modify FrameworkListener to ignore commands that exceed the maximum
buffer length and send an error message.
Bug: 29831647
Change-Id: I9e57d1648d55af2ca0191bb47868e375ecc26950
Signed-off-by: Connor O'Brien <connoro@google.com>
(cherry picked from commit baa126dc15)
Fix two races in debuggerd's PTRACE_ATTACH logic:
1. The target thread in a crash dump request could exit between the
/proc/<pid>/task/<tid> check and the PTRACE_ATTACH.
2. Sibling threads could exit between listing /proc/<pid>/task and the
PTRACE_ATTACH.
Backport of NYC change I4dfe1ea30e2c211d2389321bd66e3684dd757591
Bug: http://b/29555636
Change-Id: I93f6423e6de38e2bc6c75d8d33052da4cd2daa8a
Inconsistent behaviour between utf16_to_utf8 and utf16_to_utf8_length
is causing a heap overflow.
Correcting the length computation and adding bound checks to the
conversion functions.
(cherry picked from commit c4966a363e)
Bug: 29250543
Change-Id: Ia2d6a550f5594280505fb0835c752e53898700ed
Inconsistent behaviour between utf16_to_utf8 and utf16_to_utf8_length
is causing a heap overflow.
Correcting the length computation and adding bound checks to the
conversion functions.
(cherry picked from commit c4966a363e)
(changed code for safetynet logging due to lack of sstream and string in klp)
Change-Id: If50d59a91a13fddbff9a8fff0d3eebe57c711e93
Bug: 29250543
close_all_sockets was assuming that all registered local sockets used
local_socket_close as their close function. However, this is not true
for JDWP sockets.
Backport of 53eb31d8 and 9b587de.
Bug: http://b/28347842
Change-Id: I13ec6fd87a0691c72608baf6038adcc0f03dca9f
An incorrect size was causing an unsigned value
to wrap, causing it to write past the end of
the buffer.
Bug: 28085658
Change-Id: Ie9625c729cca024d514ba2880ff97209d435a165
/data/tombstones is referenced by core platform code, but is not
guaranteed to exist on all Android devices. Move the directory
creation out of device specific files and into the core
init.rc file.
Bug: https://code.google.com/p/android/issues/detail?id=93207
Change-Id: I94ae5199a6a32c4fe555ca994fc4a8345e0c9690
Bug: http://b/26403620
(cherry picked from commit 0359d778a5)
Resolves delta between the kitkat and L version of this patch.
Fixes the molly build on klp-dev.
bug: 22953624
Change-Id: I696a506320f30d3d5cd95f6da35361244986cb36
Use external/safe-iop to check for overflows on arithmetic
operations.
Also remove an unnecessary copy of Vector/SharedBuffer from
codeflinger and use the copy from libutils instead.
Note that some of the unit tests are somewhat useless due to
test-runner limitations : gtest's ability to filter on abort message
doesn't work when combined with messages formatted by android's logging
system.
bug: 22953624
(cherry picked from commit c609c31fb5)
Change-Id: I673b7ab142bed4fcba9159a00a65cf6bca6b1f6c
User specified values of numInts and numFds can overflow
and cause malloc to allocate less than we expect, causing
heap corruption in subsequent operations on the allocation.
Bug: 19334482
Change-Id: I43c75f536ea4c08f14ca12ca6288660fd2d1ec55
The kernel's default is between 4~20.
Prepare for javaland to modify the value at runtime.
It can be done via
setprop sys.sysctl.tcp_def_init_rwnd <value>
Bug: 12020135
Change-Id: Id34194b085206fd02e316401c0fbbb9eb52522d2
(cherry picked from commit 7c862c8b5e)
Since ca8e66a8b0, init has
been handling reboots and filesystem unmounts. Remove obsolete
call to vdc.
Bug: 12504045
Change-Id: If8704ca042cb3a68857743b9973e48c52e7eb881
(cherry picked from commit 225459a5da)
The reboot commands return too fast, interfering with testing.
Add a pause(), which will allow the device time to complete the
reboot.
Change-Id: Ie9cc6eea67b7ff662ec71ea2329cbb94f8d55404
Bug: 11369303
MS_MOVE was used when staging external storage devices, which no
longer occurs. In fact, having a writable tmpfs was masking a vold
bug around moving apps to SD cards.
Bug: 11175082
Change-Id: Ib2d7561c3a0b6fde94f651a496cb0c1f12f88d96
Josh Gao