From 5ff5b3cfc0f41e7e1cf220a2fc6060b872701a1d Mon Sep 17 00:00:00 2001 From: Francisco Prieto Date: Mon, 6 Jan 2025 11:36:01 -0300 Subject: [PATCH] Avoid out of bound access to emb_exception->stacktrace (#1784) --- embrace-android-sdk/src/main/cpp/serializer/file_writer.c | 2 +- .../src/main/cpp/unwinders/stack_unwinder.cpp | 3 +++ embrace-android-sdk/src/main/cpp/unwinders/unwinder.c | 8 ++++---- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/embrace-android-sdk/src/main/cpp/serializer/file_writer.c b/embrace-android-sdk/src/main/cpp/serializer/file_writer.c index 7620811a38..8b6dc557b2 100644 --- a/embrace-android-sdk/src/main/cpp/serializer/file_writer.c +++ b/embrace-android-sdk/src/main/cpp/serializer/file_writer.c @@ -211,7 +211,7 @@ bool emb_add_exc_info_to_json(const emb_crash *crash, JSON_Object *crash_object, bool emb_add_exc_to_json(const emb_exception *exception, JSON_Array *frames_object) { EMB_LOGDEV("About to serialize %d stack frames.", (int) exception->num_sframes); - for (int i = 0; i < exception->num_sframes; ++i) { + for (int i = 0; i < exception->num_sframes && i < kEMBMaxSFrames; ++i) { JSON_Value *frame_value = json_value_init_object(); if (frame_value == NULL) { return false; diff --git a/embrace-android-sdk/src/main/cpp/unwinders/stack_unwinder.cpp b/embrace-android-sdk/src/main/cpp/unwinders/stack_unwinder.cpp index a6fa02365b..ed36e19583 100644 --- a/embrace-android-sdk/src/main/cpp/unwinders/stack_unwinder.cpp +++ b/embrace-android-sdk/src/main/cpp/unwinders/stack_unwinder.cpp @@ -17,6 +17,9 @@ static inline void emb_copy_frame_data(unwindstack::AndroidUnwinderData &android int k = 0; for (const auto &frame: android_unwinder_data.frames) { + if (k >= kEMBMaxSFrames) { + break; + } emb_sframe *data = &stacktrace[k++]; // populate the link register for the first value only 
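Review bot: The EMB_LOGDEV call just above the changed loop in emb_add_exc_to_json still reports `exception->num_sframes` even when the new `i < kEMBMaxSFrames` bound cuts the loop short, so an oversized count is serialized silently with a log line that disagrees with what was actually written. Clamping once before the log and looping over that value keeps the two in step, e.g. `const int count = exception->num_sframes < kEMBMaxSFrames ? (int) exception->num_sframes : (int) kEMBMaxSFrames;` followed by `for (int i = 0; i < count; ++i)`, and a count above the limit deserves a warning-level log because it indicates a corrupted or mismatched capture record rather than a normal case. The declared type of num_sframes is not visible in the hunk, so the cast may need adjusting. emb_add_exc_to_json's body continues past the end of the hunk.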
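Review bot: The new early `break` in emb_copy_frame_data drops every frame past kEMBMaxSFrames without saying why, and since the function is void (see the `@@` context line) the frame count that ends up in the record is set by the caller outside this hunk; if that count is taken from `android_unwinder_data.frames.size()` rather than from `k`, it will still exceed the number of frames copied, which is presumably why the consumers in file_writer.c and unwinder.c need their own clamps. A short comment on the check would make the intent explicit: `// stacktrace holds at most kEMBMaxSFrames entries; deeper frames are dropped rather than written past the end`. It is worth confirming that the caller derives the stored count from `k` after the loop. emb_copy_frame_data starts before this hunk and continues past it.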
diff --git a/embrace-android-sdk/src/main/cpp/unwinders/unwinder.c b/embrace-android-sdk/src/main/cpp/unwinders/unwinder.c index d1cf8bf103..31f38dc753 100644 --- a/embrace-android-sdk/src/main/cpp/unwinders/unwinder.c +++ b/embrace-android-sdk/src/main/cpp/unwinders/unwinder.c @@ -12,12 +12,12 @@ void emb_fix_fileinfo(ssize_t frame_count, emb_sframe stacktrace[kEMBMaxSFrames]) { static Dl_info info; - for (int i = 0; i < frame_count; ++i) { + + for (int i = 0; i < frame_count && i < kEMBMaxSFrames; ++i) { if (dladdr((void *)stacktrace[i].frame_addr, &info) != 0) { stacktrace[i].module_addr = (uintptr_t)info.dli_fbase; stacktrace[i].offset_addr = (uintptr_t)info.dli_saddr; - stacktrace[i].line_num = - stacktrace[i].frame_addr - stacktrace[i].module_addr; + stacktrace[i].line_num = stacktrace[i].frame_addr - stacktrace[i].module_addr; if (info.dli_fname != NULL) { emb_strncpy(stacktrace[i].filename, (char *)info.dli_fname, sizeof(stacktrace[i].filename)); } @@ -36,4 +36,4 @@ ssize_t emb_process_capture(emb_env *env, siginfo_t *info, void *user_context) { emb_fix_fileinfo(frame_count, env->crash.capture.stacktrace); return frame_count; -} \ No newline at end of file +}
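Review bot: The `i < kEMBMaxSFrames` guard added to emb_fix_fileinfo's loop protects only that loop; the second hunk in this file shows emb_process_capture passing `frame_count` to `emb_fix_fileinfo(frame_count, env->crash.capture.stacktrace)` and then returning it unchanged, so a caller that stores the return value as the frame count can still record more frames than the `emb_sframe stacktrace[kEMBMaxSFrames]` array holds, and each consumer must repeat the same guard (this commit adds it in three places). Clamping once where the count is produced, before the emb_fix_fileinfo call, e.g. `if (frame_count > kEMBMaxSFrames) { frame_count = kEMBMaxSFrames; }`, would give every consumer a consistent value; where frame_count originates is not visible here, so whether it can already exceed the limit is inferred. The blank line inserted between `static Dl_info info;` and the `for` is unrelated whitespace and could be dropped from this change.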