From ec3d44cc7e5308cbfb166166da939a5b5ad216bc Mon Sep 17 00:00:00 2001
From: Sungmin Choi <sungmin.choi@lge.com>
Date: Fri, 21 Dec 2012 14:24:33 +0900
Subject: fix possible buffer overrun and memory leak

Use snprintf instead of sprintf and fclose() before return.

Change-Id: I3ed193464cc0dc90e9935ae19162667ad367628b
---
 core/jni/android_util_Binder.cpp | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/core/jni/android_util_Binder.cpp b/core/jni/android_util_Binder.cpp
index 881d9a0a3526..2aafee13d28f 100644
--- a/core/jni/android_util_Binder.cpp
+++ b/core/jni/android_util_Binder.cpp
@@ -951,13 +951,20 @@ static jboolean android_os_BinderProxy_isBinderAlive(JNIEnv* env, jobject obj)
 }
 
 static int getprocname(pid_t pid, char *buf, size_t len) {
-    char filename[20];
+    char filename[32];
     FILE *f;
 
-    sprintf(filename, "/proc/%d/cmdline", pid);
+    snprintf(filename, sizeof(filename), "/proc/%d/cmdline", pid);
     f = fopen(filename, "r");
-    if (!f) { *buf = '\0'; return 1; }
-    if (!fgets(buf, len, f)) { *buf = '\0'; return 2; }
+    if (!f) {
+        *buf = '\0';
+        return 1;
+    }
+    if (!fgets(buf, len, f)) {
+        *buf = '\0';
+        fclose(f);
+        return 2;
+    }
     fclose(f);
     return 0;
 }
-- 
cgit v1.2.3-59-g8ed1b