Fix few ASAN issues reported

- Fix a Use After Free issue in Gnss Update Config If Engine Capabilities are not known yet at the time of the MsgGnssUpdateConfig, the ids arrray will be freed but the ids pointer will be copied into a new MsgGnssUpdateConfig that will access the ids array again - Issue in NetworkInfoDataItemBase which will result in array out of bound access which might result in heap buffer overflow. Change-Id: Ib5a6dc29fef9eb6676d4605f92d60f26a47d1d90 CRs-fixed: 2449980
author: Dante Russo <drusso@codeaurora.org> 2019-05-15 15:08:30 -0700
committer: Dante Russo <drusso@codeaurora.org> 2019-05-15 15:09:39 -0700
commit: 61b7ed6bf0718c2b4a93350f130e8b13f980c823 (patch)
tree: e4624b234f15f2f16476fe9bec02d98e42a9cff1 /gnss
parent: 4d6bb2da93570f07d874e2a76519518c6d4b163f (diff)
download: gps-61b7ed6bf0718c2b4a93350f130e8b13f980c823.tar.gz
1 files changed, 20 insertions, 1 deletions
diff --git a/gnss/GnssAdapter.cpp b/gnss/GnssAdapter.cpp
index e1143fd..6558714 100644
--- a/gnss/GnssAdapter.cpp
+++ b/gnss/GnssAdapter.cpp
@@ -997,9 +997,18 @@ GnssAdapter::gnssUpdateConfigCommand(GnssConfig config)
             mConfig(config),
             mCount(count),
             mIds(ids) {}
+        inline MsgGnssUpdateConfig(const MsgGnssUpdateConfig& obj) :
+                MsgGnssUpdateConfig(obj.mAdapter, obj.mApi, obj.mConfig,
+                        new uint32_t[obj.mCount], obj.mCount) {
+            if (mIds != nullptr) {
+                for (int i = 0; i < mCount; ++i) {
+                    mIds[i] = obj.mIds[i];
+                }
+            }
+        }
         inline virtual ~MsgGnssUpdateConfig()
         {
-            delete [] mIds;
+            delete[] mIds;
         }
 
         inline virtual void proc() const {
@@ -1257,6 +1266,16 @@ GnssAdapter::gnssGetConfigCommand(GnssConfigFlagsMask configMask) {
             mConfigMask(configMask),
             mIds(ids),
             mCount(count) {}
+
+        inline MsgGnssGetConfig(const MsgGnssGetConfig& obj) :
+                MsgGnssGetConfig(obj.mAdapter, obj.mApi, obj.mConfigMask,
+                        new uint32_t[obj.mCount], obj.mCount) {
+            if (mIds != nullptr) {
+                for (int i = 0; i < mCount; ++i) {
+                    mIds[i] = obj.mIds[i];
+                }
+            }
+        }
         inline virtual ~MsgGnssGetConfig()
         {
             delete[] mIds;
author	Dante Russo <drusso@codeaurora.org>	2019-05-15 15:08:30 -0700
committer	Dante Russo <drusso@codeaurora.org>	2019-05-15 15:09:39 -0700
commit	61b7ed6bf0718c2b4a93350f130e8b13f980c823 (patch)
tree	e4624b234f15f2f16476fe9bec02d98e42a9cff1 /gnss
parent	4d6bb2da93570f07d874e2a76519518c6d4b163f (diff)
download	gps-61b7ed6bf0718c2b4a93350f130e8b13f980c823.tar.gz