Fix overflow sanitizer in copyWithAuthor.
The array index calculation in NBLog.cpp causes a runtime error on
integer overflow sanitized builds. Although kPreviousLengthOffset is now
ssize_t, sizeof() returns size_t, which is causing kPreviousLengthOffset
to be implicitly cast to size_t, resulting in the overflow.
runtime error: unsigned integer overflow: 27 + 4294967295 cannot be
represented in type 'unsigned int'
This restructures the buffer index to avoid the overflow altogether.
Bug: 30969751
Test: Compiles, device boots.
Change-Id: I9abb858190ecdeeaede66cf502ceb586467d5c0c
diff --git a/media/libnblog/NBLog.cpp b/media/libnblog/NBLog.cpp
index c8c7195..d6fa3e3 100644
--- a/media/libnblog/NBLog.cpp
+++ b/media/libnblog/NBLog.cpp
@@ -259,7 +259,8 @@
*(int*) (buffer + sizeof(entry) + sizeof(HistTsEntry)) = author;
// Update lengths
buffer[offsetof(entry, length)] = sizeof(HistTsEntryWithAuthor);
- buffer[sizeof(buffer) + Entry::kPreviousLengthOffset] = sizeof(HistTsEntryWithAuthor);
+ buffer[offsetof(entry, data) + sizeof(HistTsEntryWithAuthor) + offsetof(ending, length)]
+ = sizeof(HistTsEntryWithAuthor);
// Write new buffer into FIFO
dst->write(buffer, sizeof(buffer));
return EntryIterator(mEntry).next();
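Review bot: the replacement index on the `+` lines is built only from offsetof()/sizeof() terms, all size_t, so the unsigned wrap caused by adding the negative ssize_t Entry::kPreviousLengthOffset to sizeof(buffer) is gone; however, nothing now ties that index to the buffer size that `dst->write(buffer, sizeof(buffer))` sends. Consider adding a static_assert next to the buffer declaration, e.g. `static_assert(offsetof(entry, data) + sizeof(HistTsEntryWithAuthor) + offsetof(ending, length) < sizeof(buffer), "previous-length slot outside buffer");` (or `== sizeof(buffer) - 1` if that byte is meant to be the final one), so that a later change to the entry or ending layout fails at compile time instead of writing past the end of buffer; "compiles, device boots" does not exercise that bound.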