ui: Manage menu_ with std::vector.
Prior to this CL, menu_ is allocated with a fixed length of text_rows_.
However, because we support scrollable menu in wear_ui, there might be
more menu entries than text_rows_, which would lead to out-of-bounds
array access. This CL addresses the issue by switching to std::vector.
Bug: 65416558
Test: Run 'View recovery logs' on angler.
Test: Set large margin height that leaves text_rows less than 21. Then
run 'View recovery logs' with 21 menu entries.
Change-Id: I5d4e3a0a097039e1104eda7d494c6269053dc894
diff --git a/screen_ui.cpp b/screen_ui.cpp
index 5c93b66..b8f6ea2 100644
--- a/screen_ui.cpp
+++ b/screen_ui.cpp
@@ -69,7 +69,7 @@
text_top_(0),
show_text(false),
show_text_ever(false),
- menu_(nullptr),
+ menu_headers_(nullptr),
show_menu(false),
menu_items(0),
menu_sel(0),
@@ -356,10 +356,10 @@
DrawHighlightBar(0, y - 2, gr_fb_width(), char_height_ + 4);
// Bold white text for the selected item.
SetColor(MENU_SEL_FG);
- y += DrawTextLine(x, y, menu_[i], true);
+ y += DrawTextLine(x, y, menu_[i].c_str(), true);
SetColor(MENU);
} else {
- y += DrawTextLine(x, y, menu_[i], false);
+ y += DrawTextLine(x, y, menu_[i].c_str(), false);
}
}
y += DrawHorizontalRule(y);
@@ -508,7 +508,6 @@
text_ = Alloc2d(text_rows_, text_cols_ + 1);
file_viewer_text_ = Alloc2d(text_rows_, text_cols_ + 1);
- menu_ = Alloc2d(text_rows_, text_cols_ + 1);
text_col_ = text_row_ = 0;
text_top_ = 1;
@@ -771,12 +770,11 @@
pthread_mutex_lock(&updateMutex);
if (text_rows_ > 0 && text_cols_ > 0) {
menu_headers_ = headers;
- size_t i = 0;
- for (; i < text_rows_ && items[i] != nullptr; ++i) {
- strncpy(menu_[i], items[i], text_cols_ - 1);
- menu_[i][text_cols_ - 1] = '\0';
+ menu_.clear();
+ for (size_t i = 0; i < text_rows_ && items[i] != nullptr; ++i) {
+ menu_.emplace_back(std::string(items[i], strnlen(items[i], text_cols_ - 1)));
}
- menu_items = i;
+ menu_items = static_cast<int>(menu_.size());
show_menu = true;
menu_sel = initial_selection;
update_screen_locked();
diff --git a/screen_ui.h b/screen_ui.h
index 62dda75..8231a2b 100644
--- a/screen_ui.h
+++ b/screen_ui.h
@@ -21,6 +21,7 @@
#include <stdio.h>
#include <string>
+#include <vector>
#include "ui.h"
@@ -127,7 +128,7 @@
bool show_text;
bool show_text_ever; // has show_text ever been true?
- char** menu_;
+ std::vector<std::string> menu_;
const char* const* menu_headers_;
bool show_menu;
int menu_items, menu_sel;
diff --git a/wear_ui.cpp b/wear_ui.cpp
index 670050a..edc39cf 100644
--- a/wear_ui.cpp
+++ b/wear_ui.cpp
@@ -127,11 +127,11 @@
// white text of selected item
SetColor(MENU_SEL_FG);
if (menu_[i][0]) {
- gr_text(gr_sys_font(), x + 4, y, menu_[i], 1);
+ gr_text(gr_sys_font(), x + 4, y, menu_[i].c_str(), 1);
}
SetColor(MENU);
} else if (menu_[i][0]) {
- gr_text(gr_sys_font(), x + 4, y, menu_[i], 0);
+ gr_text(gr_sys_font(), x + 4, y, menu_[i].c_str(), 0);
}
y += char_height_ + 4;
}
@@ -199,17 +199,16 @@
pthread_mutex_lock(&updateMutex);
if (text_rows_ > 0 && text_cols_ > 0) {
menu_headers_ = headers;
- size_t i = 0;
+ menu_.clear();
// "i < text_rows_" is removed from the loop termination condition,
// which is different from the one in ScreenRecoveryUI::StartMenu().
// Because WearRecoveryUI supports scrollable menu, it's fine to have
// more entries than text_rows_. The menu may be truncated otherwise.
// Bug: 23752519
- for (; items[i] != nullptr; i++) {
- strncpy(menu_[i], items[i], text_cols_ - 1);
- menu_[i][text_cols_ - 1] = '\0';
+ for (size_t i = 0; items[i] != nullptr; i++) {
+ menu_.emplace_back(std::string(items[i], strnlen(items[i], text_cols_ - 1)));
}
- menu_items = i;
+ menu_items = static_cast<int>(menu_.size());
show_menu = true;
menu_sel = initial_selection;
menu_start = 0;