From 5f6199373dc1e07d2ee5edbae7ecfa08a065492e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20Rosenkr=C3=A4nzer?=
 <Bernhard.Rosenkranzer@linaro.org>
Date: Mon, 17 Nov 2014 21:06:20 +0100
Subject: [PATCH] Fix potential format string vulnerability
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A sensor name containing a format string could have interesting side
effects...

Change-Id: If7f1378aa68572d9716c339728eab18faa6b9f2a
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
---
 services/sensorservice/SensorService.cpp | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
index dc8fa649d..9b2aceaac 100644
--- a/services/sensorservice/SensorService.cpp
+++ b/services/sensorservice/SensorService.cpp
@@ -617,12 +617,9 @@ Vector<Sensor> SensorService::getSensorList()
         if (canAccessSensor(sensor)) {
             accessibleSensorList.add(sensor);
         } else {
-            String8 infoMessage;
-            infoMessage.appendFormat(
-                    "Skipped sensor %s because it requires permission %s",
-                    sensor.getName().string(),
-                    sensor.getRequiredPermission().string());
-            ALOGI(infoMessage.string());
+            ALOGI("Skipped sensor %s because it requires permission %s",
+                  sensor.getName().string(),
+                  sensor.getRequiredPermission().string());
         }
     }
     return accessibleSensorList;