-rw-r--r--applypatch/imgdiff.cpp40
-rw-r--r--applypatch/include/applypatch/imgdiff_image.h3
-rw-r--r--install/install.cpp16
-rw-r--r--install/verifier.cpp8
-rw-r--r--install/wipe_device.cpp9
-rw-r--r--minadbd/Android.bp1
-rw-r--r--minadbd/AndroidTest.xml3
-rw-r--r--recovery.cpp6
-rw-r--r--tests/AndroidTest.xml28
-rw-r--r--tests/unit/install_test.cpp2
-rw-r--r--tests/unit/package_test.cpp2
-rw-r--r--tests/unit/zip_test.cpp2
-rw-r--r--tools/recovery_l10n/res/values-ar/strings.xml4
-rw-r--r--tools/recovery_l10n/res/values-hy/strings.xml2
-rw-r--r--tools/recovery_l10n/res/values-ur/strings.xml4
-rw-r--r--updater/blockimg.cpp8
-rw-r--r--updater/install.cpp10
-rw-r--r--updater/target_files.cpp13
-rw-r--r--updater/updater.cpp9
19 files changed, 131 insertions, 39 deletions
diff --git a/applypatch/imgdiff.cpp b/applypatch/imgdiff.cpp
index 85860281a..376c511c2 100644
--- a/applypatch/imgdiff.cpp
+++ b/applypatch/imgdiff.cpp
@@ -682,9 +682,9 @@ bool ZipModeImage::InitializeChunks(const std::string& filename, ZipArchiveHandl
}
// Create a list of deflated zip entries, sorted by offset.
- std::vector<std::pair<std::string, ZipEntry>> temp_entries;
+ std::vector<std::pair<std::string, ZipEntry64>> temp_entries;
std::string name;
- ZipEntry entry;
+ ZipEntry64 entry;
while ((ret = Next(cookie, &entry, &name)) == 0) {
if (entry.method == kCompressDeflated || limit_ > 0) {
temp_entries.emplace_back(name, entry);
@@ -712,8 +712,14 @@ bool ZipModeImage::InitializeChunks(const std::string& filename, ZipArchiveHandl
// Add the end of zip file (mainly central directory) as a normal chunk.
size_t entries_end = 0;
if (!temp_entries.empty()) {
- entries_end = static_cast<size_t>(temp_entries.back().second.offset +
- temp_entries.back().second.compressed_length);
+ CHECK_GE(temp_entries.back().second.offset, 0);
+ if (__builtin_add_overflow(temp_entries.back().second.offset,
+ temp_entries.back().second.compressed_length, &entries_end)) {
+ LOG(ERROR) << "`entries_end` overflows on entry with offset "
+ << temp_entries.back().second.offset << " and compressed_length "
+ << temp_entries.back().second.compressed_length;
+ return false;
+ }
}
CHECK_LT(entries_end, file_content_.size());
chunks_.emplace_back(CHUNK_NORMAL, entries_end, &file_content_,
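Review bot: The two new checks on the last entry fail in different ways: a negative offset aborts the process through `CHECK_GE(temp_entries.back().second.offset, 0)`, while an overflowing sum logs and returns false. Both conditions come from the same parsed zip entry, so I would report the negative offset the same way, e.g. `if (temp_entries.back().second.offset < 0) { LOG(ERROR) << "negative entry offset"; return false; }`. The existing `CHECK_LT(entries_end, file_content_.size())` just below has the same abort-on-bad-input behaviour. InitializeChunks starts and ends outside this hunk.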
@@ -735,8 +741,16 @@ bool ZipModeImage::InitializeChunks(const std::string& filename, ZipArchiveHandl
LOG(ERROR) << "Failed to add " << entry_name << " to target chunks";
return false;
}
-
- pos += temp_entries[nextentry].second.compressed_length;
+ if (temp_entries[nextentry].second.compressed_length > std::numeric_limits<size_t>::max()) {
+ LOG(ERROR) << "Entry " << name << " compressed size exceeds size of address space. "
+ << entry.compressed_length;
+ return false;
+ }
+ if (__builtin_add_overflow(pos, temp_entries[nextentry].second.compressed_length, &pos)) {
+ LOG(ERROR) << "`pos` overflows after adding "
+ << temp_entries[nextentry].second.compressed_length;
+ return false;
+ }
++nextentry;
continue;
}
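Review bot: The new size-limit message prints `name` and `entry.compressed_length`, which appear to be the iteration variables declared near the top of InitializeChunks for the `Next()` loop, not the entry being processed here. The surrounding lines refer to this entry as `entry_name` and `temp_entries[nextentry].second`, so the log would name the wrong file and size; use `LOG(ERROR) << "Entry " << entry_name << " compressed size exceeds size of address space. " << temp_entries[nextentry].second.compressed_length;`. The check is also placed after the "Failed to add" path, and AddZipEntryToChunks now rejects the same condition itself, so it is probably unreachable; the `__builtin_add_overflow` that follows already covers a sum that does not fit `pos`. The loop body begins outside the hunk.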
@@ -757,7 +771,13 @@ bool ZipModeImage::InitializeChunks(const std::string& filename, ZipArchiveHandl
}
bool ZipModeImage::AddZipEntryToChunks(ZipArchiveHandle handle, const std::string& entry_name,
- ZipEntry* entry) {
+ ZipEntry64* entry) {
+ if (entry->compressed_length > std::numeric_limits<size_t>::max()) {
+ LOG(ERROR) << "Failed to add " << entry_name
+ << " because's compressed size exceeds size of address space. "
+ << entry->compressed_length;
+ return false;
+ }
size_t compressed_len = entry->compressed_length;
if (compressed_len == 0) return true;
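Review bot: The log text added here reads `" because's compressed size exceeds size of address space. "`, which is garbled and runs straight into the number that follows. Something like `" because its compressed size exceeds the address space: "` reads correctly in a log line. The same wording is copied into the other size checks in this commit (the later hunk in this file, install/install.cpp, install/verifier.cpp, install/wipe_device.cpp, updater/target_files.cpp and updater/updater.cpp), so it is worth fixing in all of them at once.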
@@ -775,6 +795,12 @@ bool ZipModeImage::AddZipEntryToChunks(ZipArchiveHandle handle, const std::strin
}
} else if (entry->method == kCompressDeflated) {
size_t uncompressed_len = entry->uncompressed_length;
+ if (uncompressed_len > std::numeric_limits<size_t>::max()) {
+ LOG(ERROR) << "Failed to add " << entry_name
+ << " because's compressed size exceeds size of address space. "
+ << uncompressed_len;
+ return false;
+ }
std::vector<uint8_t> uncompressed_data(uncompressed_len);
int ret = ExtractToMemory(handle, entry, uncompressed_data.data(), uncompressed_len);
if (ret != 0) {
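Review bot: The added guard can never fire, because `uncompressed_len` is already a `size_t` from the line above, so the entry's length has been narrowed before it is compared with `std::numeric_limits<size_t>::max()`. Test the field itself first and assign afterwards: `if (entry->uncompressed_length > std::numeric_limits<size_t>::max()) { ... return false; }` followed by `size_t uncompressed_len = entry->uncompressed_length;`. The message also says "compressed size" although this branch checks the uncompressed size. The enclosing branch continues past the end of the hunk.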
diff --git a/applypatch/include/applypatch/imgdiff_image.h b/applypatch/include/applypatch/imgdiff_image.h
index aa8d129c3..b579e56ae 100644
--- a/applypatch/include/applypatch/imgdiff_image.h
+++ b/applypatch/include/applypatch/imgdiff_image.h
@@ -257,7 +257,8 @@ class ZipModeImage : public Image {
// Initialize image chunks based on the zip entries.
bool InitializeChunks(const std::string& filename, ZipArchiveHandle handle);
// Add the a zip entry to the list.
- bool AddZipEntryToChunks(ZipArchiveHandle handle, const std::string& entry_name, ZipEntry* entry);
+ bool AddZipEntryToChunks(ZipArchiveHandle handle, const std::string& entry_name,
+ ZipEntry64* entry);
// Return the real size of the zip file. (omit the trailing zeros that used for alignment)
bool GetZipFileSize(size_t* input_file_size);
diff --git a/install/install.cpp b/install/install.cpp
index 1c711f6b3..1b220cb39 100644
--- a/install/install.cpp
+++ b/install/install.cpp
@@ -77,7 +77,7 @@ bool ReadMetadataFromPackage(ZipArchiveHandle zip, std::map<std::string, std::st
CHECK(metadata != nullptr);
static constexpr const char* METADATA_PATH = "META-INF/com/android/metadata";
- ZipEntry entry;
+ ZipEntry64 entry;
if (FindEntry(zip, METADATA_PATH, &entry) != 0) {
LOG(ERROR) << "Failed to find " << METADATA_PATH;
return false;
@@ -241,12 +241,18 @@ bool SetUpAbUpdateCommands(const std::string& package, ZipArchiveHandle zip, int
// For A/B updates we extract the payload properties to a buffer and obtain the RAW payload offset
// in the zip file.
static constexpr const char* AB_OTA_PAYLOAD_PROPERTIES = "payload_properties.txt";
- ZipEntry properties_entry;
+ ZipEntry64 properties_entry;
if (FindEntry(zip, AB_OTA_PAYLOAD_PROPERTIES, &properties_entry) != 0) {
LOG(ERROR) << "Failed to find " << AB_OTA_PAYLOAD_PROPERTIES;
return false;
}
- uint32_t properties_entry_length = properties_entry.uncompressed_length;
+ auto properties_entry_length = properties_entry.uncompressed_length;
+ if (properties_entry_length > std::numeric_limits<size_t>::max()) {
+ LOG(ERROR) << "Failed to extract " << AB_OTA_PAYLOAD_PROPERTIES
+ << " because's uncompressed size exceeds size of address space. "
+ << properties_entry_length;
+ return false;
+ }
std::vector<uint8_t> payload_properties(properties_entry_length);
int32_t err =
ExtractToMemory(zip, &properties_entry, payload_properties.data(), properties_entry_length);
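Review bot: `std::numeric_limits` is used in the new check, but going by the diffstat none of this file's hunks adds `#include <limits>`, whereas updater/install.cpp gets that include in this same commit. If the header is not already included above the visible range, the file compiles only through a transitive include. The same applies to applypatch/imgdiff.cpp, install/verifier.cpp, install/wipe_device.cpp, updater/target_files.cpp and updater/updater.cpp, where the changed-line counts leave no room for an added include either.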
@@ -256,7 +262,7 @@ bool SetUpAbUpdateCommands(const std::string& package, ZipArchiveHandle zip, int
}
static constexpr const char* AB_OTA_PAYLOAD = "payload.bin";
- ZipEntry payload_entry;
+ ZipEntry64 payload_entry;
if (FindEntry(zip, AB_OTA_PAYLOAD, &payload_entry) != 0) {
LOG(ERROR) << "Failed to find " << AB_OTA_PAYLOAD;
return false;
@@ -278,7 +284,7 @@ bool SetUpNonAbUpdateCommands(const std::string& package, ZipArchiveHandle zip,
// In non-A/B updates we extract the update binary from the package.
static constexpr const char* UPDATE_BINARY_NAME = "META-INF/com/google/android/update-binary";
- ZipEntry binary_entry;
+ ZipEntry64 binary_entry;
if (FindEntry(zip, UPDATE_BINARY_NAME, &binary_entry) != 0) {
LOG(ERROR) << "Failed to find update binary " << UPDATE_BINARY_NAME;
return false;
diff --git a/install/verifier.cpp b/install/verifier.cpp
index ab750442d..3f0260138 100644
--- a/install/verifier.cpp
+++ b/install/verifier.cpp
@@ -321,8 +321,14 @@ static std::vector<Certificate> IterateZipEntriesAndSearchForKeys(const ZipArchi
std::vector<Certificate> result;
std::string_view name;
- ZipEntry entry;
+ ZipEntry64 entry;
while ((iter_status = Next(cookie, &entry, &name)) == 0) {
+ if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) {
+ LOG(ERROR) << "Failed to extract " << name
+ << " because's uncompressed size exceeds size of address space. "
+ << entry.uncompressed_length;
+ return {};
+ }
std::vector<uint8_t> pem_content(entry.uncompressed_length);
if (int32_t extract_status =
ExtractToMemory(handle, &entry, pem_content.data(), pem_content.size());
diff --git a/install/wipe_device.cpp b/install/wipe_device.cpp
index 89d5d31a3..915c87b45 100644
--- a/install/wipe_device.cpp
+++ b/install/wipe_device.cpp
@@ -49,9 +49,14 @@ std::vector<std::string> GetWipePartitionList(Package* wipe_package) {
constexpr char RECOVERY_WIPE_ENTRY_NAME[] = "recovery.wipe";
std::string partition_list_content;
- ZipEntry entry;
+ ZipEntry64 entry;
if (FindEntry(zip, RECOVERY_WIPE_ENTRY_NAME, &entry) == 0) {
- uint32_t length = entry.uncompressed_length;
+ auto length = entry.uncompressed_length;
+ if (length > std::numeric_limits<size_t>::max()) {
+ LOG(ERROR) << "Failed to extract " << RECOVERY_WIPE_ENTRY_NAME
+ << " because's uncompressed size exceeds size of address space. " << length;
+ return {};
+ }
partition_list_content = std::string(length, '\0');
if (auto err = ExtractToMemory(
zip, &entry, reinterpret_cast<uint8_t*>(partition_list_content.data()), length);
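Review bot: On targets where `size_t` is 64 bits the new `length > std::numeric_limits<size_t>::max()` test cannot be true (assuming the `ZipEntry64` length is a 64-bit unsigned field), so `std::string(length, '\0')` is still sized directly from the length the archive declares. The old `uint32_t` at least capped that at 4 GiB. For a short text entry like `recovery.wipe`, a fixed upper bound would fail cleanly instead of attempting a very large allocation, e.g. `if (length > kMaxWipeListSize) { LOG(ERROR) << ...; return {}; }`, where `kMaxWipeListSize` is a placeholder for a limit the project chooses. The `if` statement continues past the end of the hunk.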
diff --git a/minadbd/Android.bp b/minadbd/Android.bp
index 4cdcac6d9..b6ca59efa 100644
--- a/minadbd/Android.bp
+++ b/minadbd/Android.bp
@@ -135,4 +135,5 @@ cc_test {
test_suites: [
"device-tests",
],
+ require_root: true,
}
diff --git a/minadbd/AndroidTest.xml b/minadbd/AndroidTest.xml
index 7ea235b7c..dbcbac250 100644
--- a/minadbd/AndroidTest.xml
+++ b/minadbd/AndroidTest.xml
@@ -18,9 +18,10 @@
<option name="cleanup" value="true" />
<option name="push" value="minadbd_test->/data/local/tmp/minadbd_test" />
</target_preparer>
+ <target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer"/>
<option name="test-suite-tag" value="apct" />
<test class="com.android.tradefed.testtype.GTest" >
<option name="native-test-device-path" value="/data/local/tmp" />
<option name="module-name" value="minadbd_test" />
</test>
-</configuration> \ No newline at end of file
+</configuration>
diff --git a/recovery.cpp b/recovery.cpp
index 84deeb45f..36924fbdf 100644
--- a/recovery.cpp
+++ b/recovery.cpp
@@ -421,15 +421,15 @@ static Device::BuiltinAction PromptAndWait(Device* device, InstallResult status)
case Device::REBOOT:
case Device::SHUTDOWN:
if (!ui->IsTextVisible()) {
- return Device::REBOOT;
+ return chosen_action;
}
// okay to reboot; no need to ask.
if (!update_in_progress) {
- return Device::REBOOT;
+ return chosen_action;
}
// An update might have been failed. Ask if user really wants to reboot.
if (AskToReboot(device, chosen_action)) {
- return Device::REBOOT;
+ return chosen_action;
}
break;
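Review bot: The two comments in this branch still speak only of rebooting, while the branch now returns `chosen_action`, which per the visible labels can also be `Device::SHUTDOWN`. I would reword them to match, e.g. `// okay to reboot or shut down; no need to ask.` and `// An update might have failed. Ask the user to confirm the chosen action.` The switch begins outside the hunk, so further case labels may share this body.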
diff --git a/tests/AndroidTest.xml b/tests/AndroidTest.xml
new file mode 100644
index 000000000..0ac75e4ea
--- /dev/null
+++ b/tests/AndroidTest.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2020 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration description="Runs recovery_host_test.">
+ <option name="null-device" value="true" />
+
+ <target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer">
+ <option name="force-root" value="false" />
+ </target_preparer>
+ <option name="not-shardable" value="true" />
+
+ <test class="com.android.tradefed.testtype.HostGTest" >
+ <option name="module-name" value="recovery_host_test" />
+ <option name="native-test-timeout" value="5m"/>
+ </test>
+</configuration>
diff --git a/tests/unit/install_test.cpp b/tests/unit/install_test.cpp
index fc7c2bf2f..c3415479d 100644
--- a/tests/unit/install_test.cpp
+++ b/tests/unit/install_test.cpp
@@ -190,7 +190,7 @@ static void VerifyAbUpdateCommands(const std::string& serialno, bool success = t
ZipArchiveHandle zip;
ASSERT_EQ(0, OpenArchive(temp_file.path, &zip));
- ZipEntry payload_entry;
+ ZipEntry64 payload_entry;
ASSERT_EQ(0, FindEntry(zip, "payload.bin", &payload_entry));
std::map<std::string, std::string> metadata;
diff --git a/tests/unit/package_test.cpp b/tests/unit/package_test.cpp
index 5e31f7fa5..164a93d57 100644
--- a/tests/unit/package_test.cpp
+++ b/tests/unit/package_test.cpp
@@ -106,7 +106,7 @@ TEST_F(PackageTest, GetZipArchiveHandle_extract_entry) {
// Check that we can extract one zip entry.
std::string_view entry_name = "dir1/file3.txt";
- ZipEntry entry;
+ ZipEntry64 entry;
ASSERT_EQ(0, FindEntry(zip, entry_name, &entry));
std::vector<uint8_t> extracted(entry_name.size());
diff --git a/tests/unit/zip_test.cpp b/tests/unit/zip_test.cpp
index ec9585c79..e065bb859 100644
--- a/tests/unit/zip_test.cpp
+++ b/tests/unit/zip_test.cpp
@@ -37,7 +37,7 @@ TEST(ZipTest, OpenFromMemory) {
ASSERT_EQ(0, OpenArchiveFromMemory(map.addr, map.length, zip_path.c_str(), &handle));
static constexpr const char* BINARY_PATH = "META-INF/com/google/android/update-binary";
- ZipEntry binary_entry;
+ ZipEntry64 binary_entry;
// Make sure the package opens correctly and its entry can be read.
ASSERT_EQ(0, FindEntry(handle, BINARY_PATH, &binary_entry));
diff --git a/tools/recovery_l10n/res/values-ar/strings.xml b/tools/recovery_l10n/res/values-ar/strings.xml
index 69191287d..a9cd2d133 100644
--- a/tools/recovery_l10n/res/values-ar/strings.xml
+++ b/tools/recovery_l10n/res/values-ar/strings.xml
@@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<resources xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string name="recovery_installing" msgid="2013591905463558223">"جارٍ تثبيت إعادة تحميل النظام"</string>
+ <string name="recovery_installing" msgid="2013591905463558223">"جارٍ تثبيت تحديث النظام"</string>
<string name="recovery_erasing" msgid="7334826894904037088">"جارٍ محو البيانات"</string>
<string name="recovery_no_command" msgid="4465476568623024327">"ليس هناك أي أمر"</string>
<string name="recovery_error" msgid="5748178989622716736">"خطأ!"</string>
- <string name="recovery_installing_security" msgid="9184031299717114342">"جارٍ تثبيت إعادة تحميل الأمان"</string>
+ <string name="recovery_installing_security" msgid="9184031299717114342">"جارٍ تثبيت تحديث الأمان"</string>
<string name="recovery_wipe_data_menu_header" msgid="550255032058254478">"‏يتعذَّر تحميل نظام Android، حيث قد تكون بياناتك تالفة. وإذا استمر ظهور هذه الرسالة، قد يتعيَّن عليك إجراء إعادة الضبط على الإعدادات الأصلية ومحو جميع بيانات المستخدم المُخزَّنة على هذا الجهاز."</string>
<string name="recovery_try_again" msgid="7168248750158873496">"إعادة المحاولة"</string>
<string name="recovery_factory_data_reset" msgid="7321351565602894783">"إعادة الضبط على الإعدادات الأصلية"</string>
diff --git a/tools/recovery_l10n/res/values-hy/strings.xml b/tools/recovery_l10n/res/values-hy/strings.xml
index 35a0ab113..76c28a707 100644
--- a/tools/recovery_l10n/res/values-hy/strings.xml
+++ b/tools/recovery_l10n/res/values-hy/strings.xml
@@ -9,6 +9,6 @@
<string name="recovery_wipe_data_menu_header" msgid="550255032058254478">"Չհաջողվեց բեռնել Android համակարգը։ Հնարավոր է՝ ձեր տվյալները վնասված են։ Եթե նորից տեսնեք այս հաղորդագրությունը, փորձեք վերակայել սարքի կարգավորումները և ջնջել օգտատիրոջ բոլոր տվյալները։"</string>
<string name="recovery_try_again" msgid="7168248750158873496">"Նորից փորձել"</string>
<string name="recovery_factory_data_reset" msgid="7321351565602894783">"Վերակայել բոլոր տվյալները"</string>
- <string name="recovery_wipe_data_confirmation" msgid="5439823343348043954">"Մաքրե՞լ օգտատիրոջ բոլոր տվյալները։\n\n ԱՅՍ ԳՈՐԾՈՂՈՒԹՅՈՒՆԸ ՀՆԱՐԱՎՈՐ ՉԻ ԼԻՆԻ ՀԵՏԱՐԿԵԼ"</string>
+ <string name="recovery_wipe_data_confirmation" msgid="5439823343348043954">"Ջնջե՞լ օգտատիրոջ բոլոր տվյալները։\n\n ԱՅՍ ԳՈՐԾՈՂՈՒԹՅՈՒՆԸ ՀՆԱՐԱՎՈՐ ՉԻ ԼԻՆԻ ՀԵՏԱՐԿԵԼ"</string>
<string name="recovery_cancel_wipe_data" msgid="66987687653647384">"Չեղարկել"</string>
</resources>
diff --git a/tools/recovery_l10n/res/values-ur/strings.xml b/tools/recovery_l10n/res/values-ur/strings.xml
index da03f1972..13dc6b37d 100644
--- a/tools/recovery_l10n/res/values-ur/strings.xml
+++ b/tools/recovery_l10n/res/values-ur/strings.xml
@@ -6,9 +6,9 @@
<string name="recovery_no_command" msgid="4465476568623024327">"کوئی کمانڈ نہیں ہے"</string>
<string name="recovery_error" msgid="5748178989622716736">"خرابی!"</string>
<string name="recovery_installing_security" msgid="9184031299717114342">"سیکیورٹی اپ ڈیٹ انسٹال ہو رہی ہے"</string>
- <string name="recovery_wipe_data_menu_header" msgid="550255032058254478">"‏Android سسٹم لوڈ نہیں کیا جا سکتا۔ آپ کا ڈیٹا خراب ہو سکتا ہے۔ اگر آپ کو مستقل یہ پیغام موصول ہوتا ہے تو آپ کو فیکٹری ڈیٹا کی دوبارہ ترتیب انجام دینے اور اس آلہ پر اسٹور کردہ سبھی صارف ڈیٹا کو مٹانے کی ضرورت پڑ سکتی ہے۔"</string>
+ <string name="recovery_wipe_data_menu_header" msgid="550255032058254478">"‏Android سسٹم لوڈ نہیں کیا جا سکتا۔ آپ کا ڈیٹا خراب ہو سکتا ہے۔ اگر آپ کو مستقل یہ پیغام موصول ہوتا ہے تو آپ کو فیکٹری ڈیٹا ری سیٹ انجام دینے اور اس آلہ پر اسٹور کردہ سبھی صارف ڈیٹا کو مٹانے کی ضرورت پڑ سکتی ہے۔"</string>
<string name="recovery_try_again" msgid="7168248750158873496">"دوبارہ کوشش کریں"</string>
- <string name="recovery_factory_data_reset" msgid="7321351565602894783">"فیکٹری ڈیٹا کی دوبارہ ترتیب"</string>
+ <string name="recovery_factory_data_reset" msgid="7321351565602894783">"فیکٹری ڈیٹا ری سیٹ"</string>
<string name="recovery_wipe_data_confirmation" msgid="5439823343348043954">"سبھی صارف ڈیٹا صاف کریں؟\n\n اسے کالعدم نہیں کیا جا سکتا!"</string>
<string name="recovery_cancel_wipe_data" msgid="66987687653647384">"منسوخ کریں"</string>
</resources>
diff --git a/updater/blockimg.cpp b/updater/blockimg.cpp
index 2d41f610b..b29aa8ce3 100644
--- a/updater/blockimg.cpp
+++ b/updater/blockimg.cpp
@@ -348,7 +348,7 @@ class RangeSinkWriter {
*/
struct NewThreadInfo {
ZipArchiveHandle za;
- ZipEntry entry;
+ ZipEntry64 entry{};
bool brotli_compressed;
std::unique_ptr<RangeSinkWriter> writer;
@@ -1626,7 +1626,7 @@ static bool Sha1DevicePath(const std::string& path, uint8_t digest[SHA_DIGEST_LE
static Value* PerformBlockImageUpdate(const char* name, State* state,
const std::vector<std::unique_ptr<Expr>>& argv,
const CommandMap& command_map, bool dryrun) {
- CommandParameters params = {};
+ CommandParameters params{};
stash_map.clear();
params.canwrite = !dryrun;
@@ -1687,7 +1687,7 @@ static Value* PerformBlockImageUpdate(const char* name, State* state,
}
std::string_view path_data(patch_data_fn->data);
- ZipEntry patch_entry;
+ ZipEntry64 patch_entry;
if (FindEntry(za, path_data, &patch_entry) != 0) {
LOG(ERROR) << name << "(): no file \"" << patch_data_fn->data << "\" in package";
return StringValue("");
@@ -1695,7 +1695,7 @@ static Value* PerformBlockImageUpdate(const char* name, State* state,
params.patch_start = updater->GetMappedPackageAddress() + patch_entry.offset;
std::string_view new_data(new_data_fn->data);
- ZipEntry new_entry;
+ ZipEntry64 new_entry;
if (FindEntry(za, new_data, &new_entry) != 0) {
LOG(ERROR) << name << "(): no file \"" << new_data_fn->data << "\" in package";
return StringValue("");
diff --git a/updater/install.cpp b/updater/install.cpp
index afa5195d0..295965047 100644
--- a/updater/install.cpp
+++ b/updater/install.cpp
@@ -35,6 +35,7 @@
#include <unistd.h>
#include <utime.h>
+#include <limits>
#include <memory>
#include <string>
#include <vector>
@@ -115,7 +116,7 @@ Value* PackageExtractFileFn(const char* name, State* state,
std::string dest_path = args[1];
ZipArchiveHandle za = state->updater->GetPackageHandle();
- ZipEntry entry;
+ ZipEntry64 entry;
if (FindEntry(za, zip_path, &entry) != 0) {
LOG(ERROR) << name << ": no " << zip_path << " in package";
return StringValue("");
@@ -165,13 +166,18 @@ Value* PackageExtractFileFn(const char* name, State* state,
const std::string& zip_path = args[0];
ZipArchiveHandle za = state->updater->GetPackageHandle();
- ZipEntry entry;
+ ZipEntry64 entry;
if (FindEntry(za, zip_path, &entry) != 0) {
return ErrorAbort(state, kPackageExtractFileFailure, "%s(): no %s in package", name,
zip_path.c_str());
}
std::string buffer;
+ if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) {
+ return ErrorAbort(state, kPackageExtractFileFailure,
+ "%s(): Entry `%s` Uncompressed size exceeds size of address space.", name,
+ zip_path.c_str());
+ }
buffer.resize(entry.uncompressed_length);
int32_t ret =
diff --git a/updater/target_files.cpp b/updater/target_files.cpp
index 919ec4e04..207146f52 100644
--- a/updater/target_files.cpp
+++ b/updater/target_files.cpp
@@ -115,7 +115,7 @@ bool TargetFile::EntryExists(const std::string_view name) const {
}
CHECK(handle_);
- ZipEntry img_entry;
+ ZipEntry64 img_entry;
return FindEntry(handle_, name, &img_entry) == 0;
}
@@ -126,7 +126,7 @@ bool TargetFile::ReadEntryToString(const std::string_view name, std::string* con
}
CHECK(handle_);
- ZipEntry entry;
+ ZipEntry64 entry;
if (auto find_err = FindEntry(handle_, name, &entry); find_err != 0) {
LOG(ERROR) << "failed to find " << name << " in the package: " << ErrorCodeString(find_err);
return false;
@@ -137,6 +137,13 @@ bool TargetFile::ReadEntryToString(const std::string_view name, std::string* con
return true;
}
+ if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) {
+ LOG(ERROR) << "Failed to extract " << name
+ << " because's uncompressed size exceeds size of address space. "
+ << entry.uncompressed_length;
+ return false;
+ }
+
content->resize(entry.uncompressed_length);
if (auto extract_err = ExtractToMemory(
handle_, &entry, reinterpret_cast<uint8_t*>(&content->at(0)), entry.uncompressed_length);
@@ -157,7 +164,7 @@ bool TargetFile::ExtractEntryToTempFile(const std::string_view name,
}
CHECK(handle_);
- ZipEntry entry;
+ ZipEntry64 entry;
if (auto find_err = FindEntry(handle_, name, &entry); find_err != 0) {
LOG(ERROR) << "failed to find " << name << " in the package: " << ErrorCodeString(find_err);
return false;
diff --git a/updater/updater.cpp b/updater/updater.cpp
index 8f4a6ede5..c52673462 100644
--- a/updater/updater.cpp
+++ b/updater/updater.cpp
@@ -163,14 +163,19 @@ void Updater::ParseAndReportErrorCode(State* state) {
bool Updater::ReadEntryToString(ZipArchiveHandle za, const std::string& entry_name,
std::string* content) {
- ZipEntry entry;
+ ZipEntry64 entry;
int find_err = FindEntry(za, entry_name, &entry);
if (find_err != 0) {
LOG(ERROR) << "failed to find " << entry_name
<< " in the package: " << ErrorCodeString(find_err);
return false;
}
-
+ if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) {
+ LOG(ERROR) << "Failed to extract " << entry_name
+ << " because's uncompressed size exceeds size of address space. "
+ << entry.uncompressed_length;
+ return false;
+ }
content->resize(entry.uncompressed_length);
int extract_err = ExtractToMemory(za, &entry, reinterpret_cast<uint8_t*>(&content->at(0)),
entry.uncompressed_length);
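Review bot: `&content->at(0)` throws `std::out_of_range` when the entry is empty, because `content->resize(0)` leaves no element at index 0, and the new size check does not cover that case. updater/target_files.cpp appears to return early before its equivalent call (the `return true;` context line in that hunk), so this function may be missing the same guard. Either return early when `entry.uncompressed_length` is zero or pass `reinterpret_cast<uint8_t*>(content->data())`. The rest of the function lies outside the hunk.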