Fix security vulnerability: potential OOB write in audioserver am: 3f9a6d3bd9 am...

[android-x86/hardware-libhardware.git] / hardware.c

diff --git a/hardware.c b/hardware.c
index 6713ea0..5394787 100644 (file)
--- a/hardware.c
+++ b/hardware.c
@@ -31,9 +31,11 @@
 #if defined(__LP64__)
 #define HAL_LIBRARY_PATH1 "/system/lib64/hw"
 #define HAL_LIBRARY_PATH2 "/vendor/lib64/hw"
+#define HAL_LIBRARY_PATH3 "/odm/lib64/hw"
 #else
 #define HAL_LIBRARY_PATH1 "/system/lib/hw"
 #define HAL_LIBRARY_PATH2 "/vendor/lib/hw"
+#define HAL_LIBRARY_PATH3 "/odm/lib/hw"
 #endif
 
 /**
@@ -67,9 +69,9 @@ static int load(const char *id,
         const char *path,
         const struct hw_module_t **pHmi)
 {
-    int status;
-    void *handle;
-    struct hw_module_t *hmi;
+    int status = -EINVAL;
+    void *handle = NULL;
+    struct hw_module_t *hmi = NULL;
 
     /*
      * load the symbols resolving undefined symbols before
@@ -130,6 +132,11 @@ static int hw_module_exists(char *path, size_t path_len, const char *name,
                             const char *subname)
 {
     snprintf(path, path_len, "%s/%s.%s.so",
+             HAL_LIBRARY_PATH3, name, subname);
+    if (access(path, R_OK) == 0)
+        return 0;
+
+    snprintf(path, path_len, "%s/%s.%s.so",
              HAL_LIBRARY_PATH2, name, subname);
     if (access(path, R_OK) == 0)
         return 0;
@@ -145,11 +152,12 @@ static int hw_module_exists(char *path, size_t path_len, const char *name,
 int hw_get_module_by_class(const char *class_id, const char *inst,
                            const struct hw_module_t **module)
 {
-    int i;
-    char prop[PATH_MAX];
-    char path[PATH_MAX];
-    char name[PATH_MAX];
-    char prop_name[PATH_MAX];
+    int i = 0;
+    char prop[PATH_MAX] = {0};
+    char path[PATH_MAX] = {0};
+    char name[PATH_MAX] = {0};
+    char prop_name[PATH_MAX] = {0};
+
 
     if (inst)
         snprintf(name, PATH_MAX, "%s.%s", class_id, inst);