fix possible buffer overrun and memory leak

Use snprintf instead of sprintf and fclose() before return. Change-Id: I3ed193464cc0dc90e9935ae19162667ad367628b
author: Sungmin Choi <sungmin.choi@lge.com> 2012-12-21 14:24:33 +0900
committer: Sungmin Choi <sungmin.choi@lge.com> 2013-05-29 20:18:51 -0700
commit: ec3d44cc7e5308cbfb166166da939a5b5ad216bc (patch)
tree: 2cadf2660d1081527012475820d00583cae2dce2
parent: 9b76b2d29fa338a128f699a1f40f7f5916a512af (diff)
1 files changed, 11 insertions, 4 deletions
diff --git a/core/jni/android_util_Binder.cpp b/core/jni/android_util_Binder.cpp
index 881d9a0a3526..2aafee13d28f 100644
--- a/core/jni/android_util_Binder.cpp
+++ b/core/jni/android_util_Binder.cpp
@@ -951,13 +951,20 @@ static jboolean android_os_BinderProxy_isBinderAlive(JNIEnv* env, jobject obj)
 }
 
 static int getprocname(pid_t pid, char *buf, size_t len) {
-    char filename[20];
+    char filename[32];
     FILE *f;
 
-    sprintf(filename, "/proc/%d/cmdline", pid);
+    snprintf(filename, sizeof(filename), "/proc/%d/cmdline", pid);
     f = fopen(filename, "r");
-    if (!f) { *buf = '\0'; return 1; }
-    if (!fgets(buf, len, f)) { *buf = '\0'; return 2; }
+    if (!f) {
+        *buf = '\0';
+        return 1;
+    }
+    if (!fgets(buf, len, f)) {
+        *buf = '\0';
+        fclose(f);
+        return 2;
+    }
     fclose(f);
     return 0;
 }
author	Sungmin Choi <sungmin.choi@lge.com>	2012-12-21 14:24:33 +0900
committer	Sungmin Choi <sungmin.choi@lge.com>	2013-05-29 20:18:51 -0700
commit	ec3d44cc7e5308cbfb166166da939a5b5ad216bc (patch)
tree	2cadf2660d1081527012475820d00583cae2dce2
parent	9b76b2d29fa338a128f699a1f40f7f5916a512af (diff)