Fix unhandled null characters in Android logs (#12743)

# Objective Fix #12728. Fix unsoundnesss from unhandled null characters in Android logs. ## Solution Use `CString` instead of using formatted Strings. Properly document the safety invariants of the FFI call.
2024-03-28 20:04:46 -07:00 · 2024-03-28 20:04:46 -07:00 · 03419444b6
commit 03419444b6
parent ba1aca3b57
1 changed files with 19 additions and 17 deletions
--- a/crates/bevy_log/src/android_tracing.rs
+++ b/crates/bevy_log/src/android_tracing.rs
@ -3,7 +3,10 @@ use bevy_utils::tracing::{
    span::{Attributes, Record},
    Event, Id, Level, Subscriber,
 };
-use std::fmt::{Debug, Write};
+use std::{
+    ffi::CString,
+    fmt::{Debug, Write},
+};
 use tracing_subscriber::{field::Visit, layer::Context, registry::LookupSpan, Layer};

 #[derive(Default)]
@ -37,16 +40,6 @@ impl Visit for StringRecorder {
    }
 }

-impl core::fmt::Display for StringRecorder {
-    fn fmt(&self, mut f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
-        if !self.0.is_empty() {
-            write!(&mut f, " {}", self.0)
-        } else {
-            Ok(())
-        }
-    }
-}
-
 impl core::default::Default for StringRecorder {
    fn default() -> Self {
        StringRecorder::new()
@ -74,24 +67,33 @@ impl<S: Subscriber + for<'a> LookupSpan<'a>> Layer<S> for AndroidLayer {
    }

    fn on_event(&self, event: &Event<'_>, _ctx: Context<'_, S>) {
+        fn sanitize(string: &str) -> CString {
+            let mut bytes: Vec<u8> = string
+                .as_bytes()
+                .into_iter()
+                .copied()
+                .filter(|byte| *byte != 0)
+                .collect();
+            CString::new(bytes).unwrap()
+        }
+
        let mut recorder = StringRecorder::new();
        event.record(&mut recorder);
        let meta = event.metadata();
-        let level = meta.level();
-        let priority = match *level {
+        let priority = match *meta.level() {
            Level::TRACE => android_log_sys::LogPriority::VERBOSE,
            Level::DEBUG => android_log_sys::LogPriority::DEBUG,
            Level::INFO => android_log_sys::LogPriority::INFO,
            Level::WARN => android_log_sys::LogPriority::WARN,
            Level::ERROR => android_log_sys::LogPriority::ERROR,
        };
-        let message = format!("{}\0", recorder);
-        let tag = format!("{}\0", meta.name());
+        // SAFETY: Called only on Android platforms. priority is guaranteed to be in range of c_int.
+        // The provided tag and message are null terminated properly.
        unsafe {
            android_log_sys::__android_log_write(
                priority as android_log_sys::c_int,
-                tag.as_ptr() as *const android_log_sys::c_char,
-                message.as_ptr() as *const android_log_sys::c_char,
+                sanitize(meta.name()).as_ptr(),
+                sanitize(&recorder.0).as_ptr(),
            );
        }
    }