From 93ffa7579cd75d1bdb2d124aa5cc5f8b6025e3d8 Mon Sep 17 00:00:00 2001
From: Jin Feng <jin88.feng@gmail.com>
Date: Tue, 4 Jun 2013 17:46:24 +0800
Subject: Fix the potential segmentation fault

Extral newline can trigger recovery segmentation fault
Test case:
host$ adb shell 'echo -en "--update_package=ota_update.zip\n--show_text\n\n" > /cache/recovery/command'
host$ adb reboot recovery

Change-Id: If1781c1f5ad94a273f1cb122b67cedd9fb562433
Signed-off-by: Jin Feng <jin88.feng@gmail.com>
---
 recovery.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'recovery.cpp')

diff --git a/recovery.cpp b/recovery.cpp
index 92aa50372..2541e54d8 100644
--- a/recovery.cpp
+++ b/recovery.cpp
@@ -198,6 +198,7 @@ get_args(int *argc, char ***argv) {
     if (*argc <= 1) {
         FILE *fp = fopen_path(COMMAND_FILE, "r");
         if (fp != NULL) {
+            char *token;
             char *argv0 = (*argv)[0];
             *argv = (char **) malloc(sizeof(char *) * MAX_ARGS);
             (*argv)[0] = argv0;  // use the same program name
@@ -205,7 +206,12 @@ get_args(int *argc, char ***argv) {
             char buf[MAX_ARG_LENGTH];
             for (*argc = 1; *argc < MAX_ARGS; ++*argc) {
                 if (!fgets(buf, sizeof(buf), fp)) break;
-                (*argv)[*argc] = strdup(strtok(buf, "\r\n"));  // Strip newline.
+                token = strtok(buf, "\r\n");
+                if (token != NULL) {
+                    (*argv)[*argc] = strdup(token);  // Strip newline.
+                } else {
+                    --*argc;
+                }
             }
 
             check_and_fclose(fp, COMMAND_FILE);
-- 
cgit v1.2.3