OSDN Git Service: android-x86 / frameworks-base.git / commitdiff
(parent: 6a9c7c4)
Check for null-terminator in ResStringPool::string8At
author Adam Lesinski <adamlesinski@google.com> Fri, 10 Nov 2017 01:12:17 +0000 (17:12 -0800)
committer Adam Lesinski <adamlesinski@google.com> Wed, 17 Jan 2018 22:19:39 +0000 (22:19 +0000)
All other stringAt methods check for null termination. Be consistent
so that upper levels don't end up with huge corrupt strings.
Bug: 62537081
Test: none
Change-Id: I17bdfb0c1e34507b66c6cad651bbdb12c5d4c417
(cherry picked from commit 3d35a0ea307693a97583a61973e729a5e7db2687)
(cherry picked from commit 97f8cb01149b35b1832c7f9efe85ff19edf1083e)
libs/androidfw/ResourceTypes.cpp
diff --git
a/libs/androidfw/ResourceTypes.cpp
b/libs/androidfw/ResourceTypes.cpp
index
bdb53c3
..
de2bf6a
100644
(file)
--- a/
libs/androidfw/ResourceTypes.cpp
+++ b/
libs/androidfw/ResourceTypes.cpp
@@
-785,7
+785,13
@@
const char* ResStringPool::string8At(size_t idx, size_t* outLen) const
*outLen = decodeLength(&str);
size_t encLen = decodeLength(&str);
if ((uint32_t)(str+encLen-strings) < mStringPoolSize) {
- return (const char*)str;
+ // Reject malformed (non null-terminated) strings
+ if (str[encLen] != 0x00) {
+ ALOGW("Bad string block: string #%d is not null-terminated",
+ (int)idx);
+ return NULL;
+ }
+ return (const char*)str;
} else {
ALOGW("Bad string block: string #%d extends to %d, past end at %d\n",
(int)idx, (int)(str+encLen-strings), (int)mStringPoolSize);
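Review bot: On the new rejection path (`str[encLen] != 0x00` followed by `return NULL`), `*outLen` has already been assigned from `decodeLength(&str)` in the context line above, so a caller that reads the length without checking the returned pointer sees the decoded length paired with NULL. Consider zeroing `*outLen` before `return NULL`, or confirm that every caller checks the pointer first. The read of `str[encLen]` itself is guarded by the preceding `(uint32_t)(str+encLen-strings) < mStringPoolSize` check, so the new test stays inside the pool. Two smaller points: the added ALOGW message has no trailing `\n` while the existing one in the else branch does, and the commit message states "Test: none"; a string pool fixture whose UTF-8 entry lacks its terminator would keep this check from regressing.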