summaryrefslogtreecommitdiffstats
path: root/updater
diff options
context:
space:
mode:
authorKelvin Zhang <zhangkelvin@google.com>2020-09-21 12:17:04 +0200
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2020-09-21 12:17:04 +0200
commit92b0be79f9c9df0d4107dea923d496b8a90ac18f (patch)
tree96e8884fee217ebe353922cc07425648bfc2e590 /updater
parent[automerger skipped] Merge "Merge mainline-release 6664920 to master - DO NOT MERGE" am: 7a899bb461 am: d3865b7a63 -s ours am: c4eabe78c5 -s ours am: c00dfe5d95 -s ours am: 602f36a0a5 -s ours am: 77ecaa6b06 -s ours (diff)
parentMerge "Check for overflow before allocating memory fore decompression." am: c1d2c15785 am: 115a017218 am: 701b8d660d am: a5c4d3c016 am: 6e970758e1 (diff)
downloadandroid_bootable_recovery-92b0be79f9c9df0d4107dea923d496b8a90ac18f.tar
android_bootable_recovery-92b0be79f9c9df0d4107dea923d496b8a90ac18f.tar.gz
android_bootable_recovery-92b0be79f9c9df0d4107dea923d496b8a90ac18f.tar.bz2
android_bootable_recovery-92b0be79f9c9df0d4107dea923d496b8a90ac18f.tar.lz
android_bootable_recovery-92b0be79f9c9df0d4107dea923d496b8a90ac18f.tar.xz
android_bootable_recovery-92b0be79f9c9df0d4107dea923d496b8a90ac18f.tar.zst
android_bootable_recovery-92b0be79f9c9df0d4107dea923d496b8a90ac18f.zip
Diffstat (limited to '')
-rw-r--r--updater/install.cpp6
-rw-r--r--updater/target_files.cpp7
-rw-r--r--updater/updater.cpp7
3 files changed, 19 insertions, 1 deletions
diff --git a/updater/install.cpp b/updater/install.cpp
index cfa4d9d82..295965047 100644
--- a/updater/install.cpp
+++ b/updater/install.cpp
@@ -35,6 +35,7 @@
#include <unistd.h>
#include <utime.h>
+#include <limits>
#include <memory>
#include <string>
#include <vector>
@@ -172,6 +173,11 @@ Value* PackageExtractFileFn(const char* name, State* state,
}
std::string buffer;
+ if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) {
+ return ErrorAbort(state, kPackageExtractFileFailure,
+ "%s(): Entry `%s` Uncompressed size exceeds size of address space.", name,
+ zip_path.c_str());
+ }
buffer.resize(entry.uncompressed_length);
int32_t ret =
diff --git a/updater/target_files.cpp b/updater/target_files.cpp
index 951923293..207146f52 100644
--- a/updater/target_files.cpp
+++ b/updater/target_files.cpp
@@ -137,6 +137,13 @@ bool TargetFile::ReadEntryToString(const std::string_view name, std::string* con
return true;
}
+ if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) {
+ LOG(ERROR) << "Failed to extract " << name
+ << " because's uncompressed size exceeds size of address space. "
+ << entry.uncompressed_length;
+ return false;
+ }
+
content->resize(entry.uncompressed_length);
if (auto extract_err = ExtractToMemory(
handle_, &entry, reinterpret_cast<uint8_t*>(&content->at(0)), entry.uncompressed_length);
diff --git a/updater/updater.cpp b/updater/updater.cpp
index 73ca0e532..c52673462 100644
--- a/updater/updater.cpp
+++ b/updater/updater.cpp
@@ -170,7 +170,12 @@ bool Updater::ReadEntryToString(ZipArchiveHandle za, const std::string& entry_na
<< " in the package: " << ErrorCodeString(find_err);
return false;
}
-
+ if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) {
+ LOG(ERROR) << "Failed to extract " << entry_name
+ << " because's uncompressed size exceeds size of address space. "
+ << entry.uncompressed_length;
+ return false;
+ }
content->resize(entry.uncompressed_length);
int extract_err = ExtractToMemory(za, &entry, reinterpret_cast<uint8_t*>(&content->at(0)),
entry.uncompressed_length);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-02 09:49:55 +0100