am f3d3ce5e: add bounds checking for mPartMinors[]
* commit 'f3d3ce5e53ab7928f4c292c183c417a1bd051151':
add bounds checking for mPartMinors[]
diff --git a/DirectVolume.cpp b/DirectVolume.cpp
index 0ac1a0c..54da964 100644
--- a/DirectVolume.cpp
+++ b/DirectVolume.cpp
@@ -202,9 +202,13 @@
#ifdef PARTITION_DEBUG
SLOGD("Dv:partAdd: part_num = %d, minor = %d\n", part_num, minor);
#endif
- mPartMinors[part_num -1] = minor;
-
+ if (part_num > MAX_PARTITIONS) {
+ SLOGE("Dv:partAdd: ignoring part_num = %d (max: %d)\n", part_num, MAX_PARTITIONS);
+ } else {
+ mPartMinors[part_num -1] = minor;
+ }
mPendingPartMap &= ~(1 << part_num);
+
if (!mPendingPartMap) {
#ifdef PARTITION_DEBUG
SLOGD("Dv:partAdd: Got all partitions - ready to rock!");
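Review bot: The new guard rejects only `part_num > MAX_PARTITIONS`, so a `part_num` of zero or less would still reach `mPartMinors[part_num -1]` and write before the start of the array. Where `part_num` comes from is outside this hunk, so whether such values can arrive here is not confirmed. The line `mPendingPartMap &= ~(1 << part_num);` also still runs for a rejected value, and shifting by a negative count or by the width of `int` or more is undefined behaviour. I would check both ends with `if (part_num < 1 || part_num > MAX_PARTITIONS) {` and move the mask update into the `else` branch next to the array store. The enclosing function starts and ends outside the hunk.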
@@ -275,6 +279,7 @@
int major = atoi(evt->findParam("MAJOR"));
int minor = atoi(evt->findParam("MINOR"));
char msg[255];
+ int state;
SLOGD("Volume %s %s partition %d:%d removed\n", getLabel(), getMountpoint(), major, minor);
@@ -284,7 +289,8 @@
* the removal notification will be sent on the Disk
* itself
*/
- if (getState() != Volume::State_Mounted) {
+ state = getState();
+ if (state != Volume::State_Mounted && state != Volume::State_Shared) {
return;
}
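Review bot: `state` is declared without a value in the previous hunk (`int state;`) and only assigned here, so a later edit between the two points could read it uninitialized. If no `goto` in the function jumps across this point (the body extends outside both hunks), declaring it where it is set, as `const int state = getState();`, removes that risk. It also makes clear that the value is a single snapshot reused by the later `State_Shared` branch.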
@@ -309,6 +315,19 @@
} else {
SLOGD("Crisis averted");
}
+ } else if (state == Volume::State_Shared) {
+ /* removed during mass storage */
+ snprintf(msg, sizeof(msg), "Volume %s bad removal (%d:%d)",
+ getLabel(), major, minor);
+ mVm->getBroadcaster()->sendBroadcast(ResponseCode::VolumeBadRemoval,
+ msg, false);
+
+ if (mVm->unshareVolume(getLabel(), "ums")) {
+ SLOGE("Failed to unshare volume on bad removal (%s)",
+ strerror(errno));
+ } else {
+ SLOGD("Crisis averted");
+ }
}
}
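Review bot: When `mVm->unshareVolume(getLabel(), "ums")` fails in the new `State_Shared` branch, the code only logs, so the volume may stay marked as shared although its partition is gone. Whether another path resets the state is not visible in this hunk. The log line also relies on `errno` still describing that failure, which holds only if unshareVolume sets it on every error return. I would expand the comment to state the intent, for example `/* partition removed while exported over UMS: notify the framework, then stop exporting the missing device */`, and say what state the volume is expected to be in after a failed unshare. The enclosing function starts outside the hunk.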
diff --git a/Volume.cpp b/Volume.cpp
index d2b87b6..ecf7dcd 100644
--- a/Volume.cpp
+++ b/Volume.cpp
@@ -218,6 +218,7 @@
setState(Volume::State_Formatting);
+ int ret = -1;
// Only initialize the MBR if we are formatting the entire device
if (formatEntireDevice) {
sprintf(devicePath, "/dev/block/vold/%d:%d",
@@ -241,10 +242,11 @@
goto err;
}
- setState(Volume::State_Idle);
- return 0;
+ ret = 0;
+
err:
- return -1;
+ setState(Volume::State_Idle);
+ return ret;
}
bool Volume::isMountpointMounted(const char *path) {
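Review bot: Running `setState(Volume::State_Idle)` on the `err:` path before `return ret` can overwrite the `errno` left by the step that failed, if setState makes any call that touches it (its body is not shown here). A caller that reports the failure through `errno` would then see an unrelated reason. Saving and restoring it around the state change keeps the original cause: `int saved_errno = errno; setState(Volume::State_Idle); errno = saved_errno;`. The function begins outside the hunk.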
diff --git a/main.cpp b/main.cpp
index f97632b..9c45774 100644
--- a/main.cpp
+++ b/main.cpp
@@ -151,7 +151,8 @@
}
while(fgets(line, sizeof(line), fp)) {
- char *next = line;
+ const char *delim = " \t";
+ char *save_ptr;
char *type, *label, *mount_point;
n++;
@@ -160,24 +161,24 @@
if (line[0] == '#' || line[0] == '\0')
continue;
- if (!(type = strsep(&next, " \t"))) {
+ if (!(type = strtok_r(line, delim, &save_ptr))) {
SLOGE("Error parsing type");
goto out_syntax;
}
- if (!(label = strsep(&next, " \t"))) {
+ if (!(label = strtok_r(NULL, delim, &save_ptr))) {
SLOGE("Error parsing label");
goto out_syntax;
}
- if (!(mount_point = strsep(&next, " \t"))) {
+ if (!(mount_point = strtok_r(NULL, delim, &save_ptr))) {
SLOGE("Error parsing mount point");
goto out_syntax;
}
if (!strcmp(type, "dev_mount")) {
DirectVolume *dv = NULL;
- char *part, *sysfs_path;
+ char *part;
- if (!(part = strsep(&next, " \t"))) {
+ if (!(part = strtok_r(NULL, delim, &save_ptr))) {
SLOGE("Error parsing partition");
goto out_syntax;
}
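Review bot: Replacing `strsep` with `strtok_r` in these field reads changes how a line is split, and nothing in the code records that. `strtok_r` skips leading delimiters and treats a run of spaces or tabs as one separator, so an empty field can no longer occur and each NULL check now fires only when the line runs out of tokens. A short comment above the first call would keep the next reader from reverting it, for example `/* strtok_r collapses runs of spaces/tabs, so fields may be separated by any amount of whitespace */`. Because leading whitespace is now skipped, the earlier `line[0] == '#'` test no longer matches an indented comment line, which would be tokenized as a type instead.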
@@ -192,7 +193,7 @@
dv = new DirectVolume(vm, label, mount_point, atoi(part));
}
- while((sysfs_path = strsep(&next, " \t"))) {
+ while (char *sysfs_path = strtok_r(NULL, delim, &save_ptr)) {
if (dv->addPath(sysfs_path)) {
SLOGE("Failed to add devpath %s to volume %s", sysfs_path,
label);