If there was only one byte left before the buffer wraps around,
the length field, which consists of 2 bytes, would end up torn apart,
yielding garbage on naive read attempts.
While libdlog did ensure to write only even-length logs, this could
not be relied upon when not using it: this includes kmsg and, potentially,
malicious users.
Change-Id: I7ec3777d650ec2642812b27e87de5e16e0dd72fc
Signed-off-by: Michal Bloch <m.bloch@samsung.com>
}
while (from != buffer->tail && (!reader->dumpcount || (reader->bytes_to_read > 0))) {
- ple = (struct logger_entry*)(buffer->buffer + from);
- copy_from_buffer(tmp, from, ple->len, buffer);
+ typeof(ple->len) length;
+ copy_from_buffer(&length, from, sizeof length, buffer);
+
+ copy_from_buffer(tmp, from, length, buffer);
ple = (struct logger_entry*)tmp;
from += ple->len;
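Review bot: In the added `copy_from_buffer(tmp, from, length, buffer);`, the `length` value just read from the ring buffer is used as the copy size with no bound check visible in this hunk, even though the commit message names kmsg and malicious users as possible writers. Consider rejecting entries whose `length` is smaller than `sizeof(struct logger_entry)` or larger than the capacity of `tmp` before the copy is performed. The read of `length` at offset `from` also assumes that `len` is the first member of `struct logger_entry`; using `offsetof(struct logger_entry, len)` or a static assertion would make that assumption explicit. Lastly, `from += ple->len;` could advance by `length` instead, so the size that was copied and the size used to step forward cannot diverge.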