OSDN Git Service
(root)
/
android-x86
/
system-bt.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
8b5ed73
)
Fix potential arithmetic overflow in btif_config_set_bin
author
Chienyuan
<chienyuanhuang@google.com>
Wed, 30 Jan 2019 11:51:43 +0000
(19:51 +0800)
committer
Chienyuan
<chienyuanhuang@google.com>
Wed, 30 Jan 2019 14:57:37 +0000
(22:57 +0800)
Bug:
113572342
Test: manual
Change-Id: If9d375c2aa7e363f8a69df32aa7e423c8e0d130d
btif/src/btif_config.cc
patch
|
blob
|
history
diff --git
a/btif/src/btif_config.cc
b/btif/src/btif_config.cc
index
c017c0f
..
4b254c7
100644
(file)
--- a/
btif/src/btif_config.cc
+++ b/
btif/src/btif_config.cc
@@
-413,6
+413,12
@@
bool btif_config_set_bin(const std::string& section, const std::string& key,
if (length > 0) CHECK(value != NULL);
+ size_t max_value = ((size_t)-1);
+ if (((max_value - 1) / 2) < length) {
+ LOG(ERROR) << __func__ << ": length too long";
+ return false;
+ }
+
char* str = (char*)osi_calloc(length * 2 + 1);
for (size_t i = 0; i < length; ++i) {