diff options
| author | Kelvin Zhang <zhangkelvin@google.com> | 2020-09-19 02:51:22 +0200 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2020-09-19 02:51:22 +0200 |
| commit | c1d2c15785043f5b45082d005d753e830ce602f0 (patch) | |
| tree | f892e9ca467b4f751345a2a3200caf8903a217c9 /install/wipe_device.cpp | |
| parent | Merge "Merge mainline-release 6664920 to master - DO NOT MERGE" (diff) | |
| parent | Check for overflow before allocating memory fore decompression. (diff) | |
| download | android_bootable_recovery-c1d2c15785043f5b45082d005d753e830ce602f0.tar android_bootable_recovery-c1d2c15785043f5b45082d005d753e830ce602f0.tar.gz android_bootable_recovery-c1d2c15785043f5b45082d005d753e830ce602f0.tar.bz2 android_bootable_recovery-c1d2c15785043f5b45082d005d753e830ce602f0.tar.lz android_bootable_recovery-c1d2c15785043f5b45082d005d753e830ce602f0.tar.xz android_bootable_recovery-c1d2c15785043f5b45082d005d753e830ce602f0.tar.zst android_bootable_recovery-c1d2c15785043f5b45082d005d753e830ce602f0.zip | |
Diffstat (limited to 'install/wipe_device.cpp')
| -rw-r--r-- | install/wipe_device.cpp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/install/wipe_device.cpp b/install/wipe_device.cpp index 0f896c43b..915c87b45 100644 --- a/install/wipe_device.cpp +++ b/install/wipe_device.cpp @@ -51,7 +51,12 @@ std::vector<std::string> GetWipePartitionList(Package* wipe_package) { std::string partition_list_content; ZipEntry64 entry; if (FindEntry(zip, RECOVERY_WIPE_ENTRY_NAME, &entry) == 0) { - uint32_t length = entry.uncompressed_length; + auto length = entry.uncompressed_length; + if (length > std::numeric_limits<size_t>::max()) { + LOG(ERROR) << "Failed to extract " << RECOVERY_WIPE_ENTRY_NAME + << " because's uncompressed size exceeds size of address space. " << length; + return {}; + } partition_list_content = std::string(length, '\0'); if (auto err = ExtractToMemory( zip, &entry, reinterpret_cast<uint8_t*>(partition_list_content.data()), length); |