Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_system_update_engine / d603ba9ff52c72a68556495245e1069c991866d4
commitd603ba9ff52c72a68556495245e1069c991866d4[log] [tgz]
authorAlex Deymo <deymo@chromium.org>Fri Oct 03 14:51:33 2014 -0700
committerchrome-internal-fetch <chrome-internal-fetch@google.com>Tue Oct 07 03:37:13 2014 +0000
tree32135957bf441d96cf5d28037a8ae0ec3464c470
parent4a444ae459660ad4478011368c02c5f8abcea178 [diff]
update_engine: Move variable to function level script to prevent UaF.

main's SetupLogging() had a temporary string variable holding the
result of SetupLogFile(), which is the filename where we should
write the log to. logging::InitLogging interface accepts a
logging::LoggingSettings struct that holds a char* to the log file
name that needs to be alive while it is referenced from the
LoggingSettings struct, instead of just holding a std::string.

This patch moves the temporary string variable to the same scope
as the LoggingSettings struct, preventing a use-after-free.

BUG=chromium:419659
TEST=`USE="clan asan" emerge-link update_engine libchrome libchromeos` and deployed to a link device.
TEST=`update_engine` doesn't crash reporting an error in /var/log/asan.* with this patch.

Change-Id: I87adddeec0002592d67512d14a8d6d1a597843cf
Reviewed-on: https://chromium-review.googlesource.com/221501
Reviewed-by: Alex Vakulenko <avakulenko@chromium.org>
Tested-by: Alex Deymo <deymo@chromium.org>
Commit-Queue: Alex Deymo <deymo@chromium.org>
1 file changed
tree: 32135957bf441d96cf5d28037a8ae0ec3464c470
  1. init/
  2. payload_generator/
  3. update_manager/
  4. .gitignore
  5. action.h
  6. action_mock.h
  7. action_pipe.h
  8. action_pipe_unittest.cc
  9. action_processor.cc
  10. action_processor.h
  11. action_processor_mock.h
  12. action_processor_unittest.cc
  13. action_unittest.cc
  14. build
  15. bzip.cc
  16. bzip.h
  17. bzip_extent_writer.cc
  18. bzip_extent_writer.h
  19. bzip_extent_writer_unittest.cc
  20. certificate_checker.cc
  21. certificate_checker.h
  22. certificate_checker_mock.h
  23. certificate_checker_unittest.cc
  24. chrome_browser_proxy_resolver.cc
  25. chrome_browser_proxy_resolver.h
  26. chrome_browser_proxy_resolver_unittest.cc
  27. clock.cc
  28. clock.h
  29. clock_interface.h
  30. connection_manager.cc
  31. connection_manager.h
  32. connection_manager_unittest.cc
  33. constants.cc
  34. constants.h
  35. dbus_constants.h
  36. dbus_service.cc
  37. dbus_service.h
  38. dbus_wrapper_interface.h
  39. delta_performer.cc
  40. delta_performer.h
  41. delta_performer_unittest.cc
  42. download_action.cc
  43. download_action.h
  44. download_action_unittest.cc
  45. error_code.h
  46. extent_ranges.cc
  47. extent_ranges.h
  48. extent_ranges_unittest.cc
  49. extent_writer.cc
  50. extent_writer.h
  51. extent_writer_unittest.cc
  52. fake_clock.h
  53. fake_hardware.h
  54. fake_p2p_manager.h
  55. fake_p2p_manager_configuration.h
  56. fake_prefs.cc
  57. fake_prefs.h
  58. fake_system_state.cc
  59. fake_system_state.h
  60. file_descriptor.cc
  61. file_descriptor.h
  62. file_writer.cc
  63. file_writer.h
  64. file_writer_mock.h
  65. file_writer_unittest.cc
  66. filesystem_copier_action.cc
  67. filesystem_copier_action.h
  68. filesystem_copier_action_unittest.cc
  69. gen_coverage_html
  70. glib_utils.cc
  71. glib_utils.h
  72. hardware.cc
  73. hardware.h
  74. hardware_interface.h
  75. http_common.cc
  76. http_common.h
  77. http_fetcher.cc
  78. http_fetcher.h
  79. http_fetcher_unittest.cc
  80. hwid_override.cc
  81. hwid_override.h
  82. hwid_override_unittest.cc
  83. install_plan.cc
  84. install_plan.h
  85. libcurl_http_fetcher.cc
  86. libcurl_http_fetcher.h
  87. local_coverage_rate
  88. main.cc
  89. metrics.cc
  90. metrics.h
  91. mock_connection_manager.h
  92. mock_dbus_wrapper.h
  93. mock_file_writer.h
  94. mock_hardware.h
  95. mock_http_fetcher.cc
  96. mock_http_fetcher.h
  97. mock_p2p_manager.h
  98. mock_payload_state.h
  99. multi_range_http_fetcher.cc
  100. multi_range_http_fetcher.h
  101. omaha_hash_calculator.cc
  102. omaha_hash_calculator.h
  103. omaha_hash_calculator_unittest.cc
  104. omaha_request_action.cc
  105. omaha_request_action.h
  106. omaha_request_action_unittest.cc
  107. omaha_request_params.cc
  108. omaha_request_params.h
  109. omaha_request_params_unittest.cc
  110. omaha_response.h
  111. omaha_response_handler_action.cc
  112. omaha_response_handler_action.h
  113. omaha_response_handler_action_unittest.cc
  114. OWNERS
  115. p2p_manager.cc
  116. p2p_manager.h
  117. p2p_manager_unittest.cc
  118. payload_constants.cc
  119. payload_constants.h
  120. payload_state.cc
  121. payload_state.h
  122. payload_state_interface.h
  123. payload_state_unittest.cc
  124. payload_verifier.cc
  125. payload_verifier.h
  126. postinstall_runner_action.cc
  127. postinstall_runner_action.h
  128. postinstall_runner_action_unittest.cc
  129. prefs.cc
  130. prefs.h
  131. prefs_interface.h
  132. prefs_mock.h
  133. prefs_unittest.cc
  134. proxy_resolver.cc
  135. proxy_resolver.h
  136. real_dbus_wrapper.h
  137. real_system_state.cc
  138. real_system_state.h
  139. run_unittests
  140. sample_omaha_v3_response.xml
  141. subprocess.cc
  142. subprocess.h
  143. subprocess_unittest.cc
  144. system_state.h
  145. terminator.cc
  146. terminator.h
  147. terminator_unittest.cc
  148. test_http_server.cc
  149. test_utils.cc
  150. test_utils.h
  151. testrunner.cc
  152. unittest_key.pem
  153. unittest_key2.pem
  154. update_attempter.cc
  155. update_attempter.h
  156. update_attempter_mock.h
  157. update_attempter_unittest.cc
  158. update_engine.gyp
  159. update_engine.xml
  160. update_engine_client.cc
  161. update_metadata.proto
  162. UpdateEngine.conf
  163. utils.cc
  164. utils.h
  165. utils_unittest.cc
  166. WATCHLISTS
  167. zip_unittest.cc