Fix potential format string vulnerability

A sensor name containing a format string could have interesting side effects... Change-Id: If7f1378aa68572d9716c339728eab18faa6b9f2a Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
2014-11-17 21:06:20 +01:00 · 2014-11-17 21:06:20 +01:00 · 5f6199373d
parent 2e42a90653
commit 5f6199373d
1 changed files with 3 additions and 6 deletions
--- a/services/sensorservice/SensorService.cpp
+++ b/services/sensorservice/SensorService.cpp
@ -617,12 +617,9 @@ Vector<Sensor> SensorService::getSensorList()
        if (canAccessSensor(sensor)) {
            accessibleSensorList.add(sensor);
        } else {
-            String8 infoMessage;
-            infoMessage.appendFormat(
-                    "Skipped sensor %s because it requires permission %s",
-                    sensor.getName().string(),
-                    sensor.getRequiredPermission().string());
-            ALOGI(infoMessage.string());
+            ALOGI("Skipped sensor %s because it requires permission %s",
+                  sensor.getName().string(),
+                  sensor.getRequiredPermission().string());
        }
    }
    return accessibleSensorList;