summaryrefslogtreecommitdiffstats
path: root/updater
diff options
context:
space:
mode:
authorKelvin Zhang <zhangkelvin@google.com>2020-09-19 08:16:32 +0200
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2020-09-19 08:16:32 +0200
commit701b8d660d2851ae8aa64386b92acac09be065b9 (patch)
tree6a1b77b1e1a62e27ea23f0940266b7557dec8382 /updater
parent[automerger skipped] Merge "Merge mainline-release 6664920 to master - DO NOT MERGE" am: 7a899bb461 am: d3865b7a63 -s ours (diff)
parentMerge "Check for overflow before allocating memory fore decompression." am: c1d2c15785 (diff)
downloadandroid_bootable_recovery-701b8d660d2851ae8aa64386b92acac09be065b9.tar
android_bootable_recovery-701b8d660d2851ae8aa64386b92acac09be065b9.tar.gz
android_bootable_recovery-701b8d660d2851ae8aa64386b92acac09be065b9.tar.bz2
android_bootable_recovery-701b8d660d2851ae8aa64386b92acac09be065b9.tar.lz
android_bootable_recovery-701b8d660d2851ae8aa64386b92acac09be065b9.tar.xz
android_bootable_recovery-701b8d660d2851ae8aa64386b92acac09be065b9.tar.zst
android_bootable_recovery-701b8d660d2851ae8aa64386b92acac09be065b9.zip
Diffstat (limited to 'updater')
-rw-r--r--updater/install.cpp6
-rw-r--r--updater/target_files.cpp7
-rw-r--r--updater/updater.cpp7
3 files changed, 19 insertions, 1 deletions
diff --git a/updater/install.cpp b/updater/install.cpp
index cfa4d9d82..295965047 100644
--- a/updater/install.cpp
+++ b/updater/install.cpp
@@ -35,6 +35,7 @@
#include <unistd.h>
#include <utime.h>
+#include <limits>
#include <memory>
#include <string>
#include <vector>
@@ -172,6 +173,11 @@ Value* PackageExtractFileFn(const char* name, State* state,
}
std::string buffer;
+ if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) {
+ return ErrorAbort(state, kPackageExtractFileFailure,
+ "%s(): Entry `%s` Uncompressed size exceeds size of address space.", name,
+ zip_path.c_str());
+ }
buffer.resize(entry.uncompressed_length);
int32_t ret =
diff --git a/updater/target_files.cpp b/updater/target_files.cpp
index 951923293..207146f52 100644
--- a/updater/target_files.cpp
+++ b/updater/target_files.cpp
@@ -137,6 +137,13 @@ bool TargetFile::ReadEntryToString(const std::string_view name, std::string* con
return true;
}
+ if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) {
+ LOG(ERROR) << "Failed to extract " << name
+ << " because's uncompressed size exceeds size of address space. "
+ << entry.uncompressed_length;
+ return false;
+ }
+
content->resize(entry.uncompressed_length);
if (auto extract_err = ExtractToMemory(
handle_, &entry, reinterpret_cast<uint8_t*>(&content->at(0)), entry.uncompressed_length);
diff --git a/updater/updater.cpp b/updater/updater.cpp
index 73ca0e532..c52673462 100644
--- a/updater/updater.cpp
+++ b/updater/updater.cpp
@@ -170,7 +170,12 @@ bool Updater::ReadEntryToString(ZipArchiveHandle za, const std::string& entry_na
<< " in the package: " << ErrorCodeString(find_err);
return false;
}
-
+ if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) {
+ LOG(ERROR) << "Failed to extract " << entry_name
+ << " because's uncompressed size exceeds size of address space. "
+ << entry.uncompressed_length;
+ return false;
+ }
content->resize(entry.uncompressed_length);
int extract_err = ExtractToMemory(za, &entry, reinterpret_cast<uint8_t*>(&content->at(0)),
entry.uncompressed_length);