OSDN Git Service

(root) / android-x86 / frameworks-base.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6ab2779) | patch
Fix DynamicRefTable::load security bug
authorRyan Mitchell <rtmitchell@google.com>
Wed, 30 May 2018 19:17:01 +0000 (12:17 -0700)
committerandroid-build-team Robot <android-build-team-robot@google.com>
Fri, 3 Aug 2018 19:06:26 +0000 (19:06 +0000)
commite87a7c9dc05c41b4a82929ca43133fbd584628c7
tree57d752c537c3af25a31f9906f50d409c0e3166c6tree | snapshot
parent6ab2779351c4d68e79f39d6858bbc07649637897commit | diff
Fix DynamicRefTable::load security bug

DynamicRefTables parsed from apks are missing bounds checks that prevent
buffer overflows. This changes verifies the bounds of the header before
attempting to preform operations on the chunk.

Bug: 79488511
Test: run cts -m CtsAppSecurityHostTestCases \
        -t android.appsecurity.cts.CorruptApkTests

Change-Id: I02c8ad957da244fce777ac68a482e4e8fa70f846
Merged-In: I02c8ad957da244fce777ac68a482e4e8fa70f846
(cherry picked from commit 18a6ada4aa136da4f50f03fff91d61d448ced195)
libs/androidfw/ResourceTypes.cpp diff | blob | history
frameworks/base
About OSDN
Find Software
Develop Software
Help