From b447440a4b5e1e300c6cb1a931b3fa1e22900c4f Mon Sep 17 00:00:00 2001
From: "tony.ys_liu"
Date: Wed, 29 Jul 2015 18:00:22 +0800
Subject: [PATCH] Prevent buffer over-read in linker.cpp's parse_path.

Also, the old behavior of skipping empty entries doesn't match glibc.

Change-Id: I497774377113ab6c5d962e0f20066e2192748f06
---
 linker/Android.mk | 2 +-
 linker/linker.cpp | 22 ++++------------------
 2 files changed, 5 insertions(+), 19 deletions(-)
diff --git a/linker/Android.mk b/linker/Android.mk
index 04b4370ca..d378e9083 100644
--- a/linker/Android.mk
+++ b/linker/Android.mk
@@ -60,7 +60,7 @@ LOCAL_ASFLAGS := $(LOCAL_CFLAGS)
 LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-LOCAL_STATIC_LIBRARIES := libc_nomalloc libziparchive libutils libz liblog
+LOCAL_STATIC_LIBRARIES := libc_nomalloc libziparchive libutils libbase libz liblog
 LOCAL_FORCE_STATIC_EXECUTABLE := true
diff --git a/linker/linker.cpp b/linker/linker.cpp
index 375b53419..4428e511e 100644
--- a/linker/linker.cpp
+++ b/linker/linker.cpp
@@ -57,6 +57,8 @@
 #include "linker_phdr.h"
 #include "linker_relocs.h"
 #include "linker_reloc_iterators.h"
+
+#include "base/strings.h"
 #include "ziparchive/zip_archive.h"
 extern void __libc_init_AT_SECURE(KernelArgumentBlock&);
@@ -308,25 +310,9 @@ static void soinfo_free(soinfo* si) {
 static void parse_path(const char* path, const char* delimiters, std::vector* paths) {
- if (path == nullptr) {
- return;
- }
- paths->clear();
-
- for (const char *p = path; ; ++p) {
- size_t len = strcspn(p, delimiters);
- // skip empty tokens
- if (len == 0) {
- continue;
- }
-
- paths->push_back(std::string(p, len));
- p += len;
-
- if (*p == '\0') {
- break;
- }
+ if (path != nullptr) {
+ *paths = android::base::Split(path, delimiters);
 }
 }
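Review bot: The new contract of parse_path is not documented at the function: going by the commit message, empty entries are now preserved, so a leading, trailing or doubled delimiter presumably hands callers an element equal to `""` (the implementation of `android::base::Split` is not part of this diff). glibc treats a zero-length search-path element as the current working directory, so each caller (all of them are outside this hunk) should make an explicit decision about `""` instead of joining it with a file name. I would add a comment above the `if`, for example `// Empty entries are preserved (glibc-compatible); callers must handle "" explicitly. A null path leaves *paths untouched.`. A unit test pinning the result for `""`, `":"` and `"a::b"` would keep the over-read fix and the new empty-entry behaviour from regressing.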