fix: free in garbage data pointer; fix: Zygiskd wrong message length

This commit fixes the issue where "free" would be executed in a pointer which has garbage data, leading to crashes. This was fixed by setting to NULL, so that it's clean. It also fixes the issue where Zygiskd messages for "DAEMON_SET_INFO" would not count the NULL-terminator, causing crashes.
PerformanC · Nov 12, 2024 · f4af759 · f4af759
1 parent 21325ec
commit f4af759
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/loader/src/ptracer/monitor.cpp b/loader/src/ptracer/monitor.cpp
@@ -117,8 +117,8 @@ struct Status {
   bool zygote_injected = false;
   bool daemon_running = false;
   pid_t daemon_pid = -1;
-  char *daemon_info;
-  char *daemon_error_info;
+  char *daemon_info = NULL;
+  char *daemon_error_info = NULL;
 };
 
 Status status64;

diff --git a/zygiskd/src/zygiskd.c b/zygiskd/src/zygiskd.c
@@ -394,7 +394,7 @@ void zygiskd_start(char *restrict argv[]) {
     size_t msg_length = strlen("Root: , Modules: ") + strlen(impl_name) + module_list_len + 1;
 
     struct MsgHead *msg = malloc(sizeof(struct MsgHead) + msg_length);
-    msg->length = snprintf(msg->data, msg_length, "Root: %s, Modules: %s", impl_name, module_list);
+    msg->length = snprintf(msg->data, msg_length, "Root: %s, Modules: %s", impl_name, module_list) + 1;
     msg->cmd = DAEMON_SET_INFO;
 
     unix_datagram_sendto(CONTROLLER_SOCKET, (void *)msg, sizeof(struct MsgHead) + msg->length);