author | Ryan Mitchell <rtmitchell@google.com> | 2020-12-14 20:42:03 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2020-12-14 20:42:03 +0000 |
commit | 314863c132479b108f0ce61a5a753123cd3a15ca (patch) | |
tree | 8c2c62e7f5964b3ed503f1f2c753d0850ac70dec /libs/androidfw/ChunkIterator.cpp | |
parent | 2991744d472491889d9ba465c8f96c1022af5df0 (diff) | |
parent | a45506e6f6619f59ce1ae94b20ad377b86966be0 (diff) |
Merge changes from topic "inc-hard-am"
* changes:
Revert^2 "Cache resolved theme values"
Set resource id correctly when resolve fails
Revert^2 "libandroidfw hardening for IncFs"
idmap2: remove call to obsolete 'idmap2 verify' from valgrind.sh
idmap2: remove the 'scan' command
Diffstat (limited to 'libs/androidfw/ChunkIterator.cpp')
-rw-r--r-- | libs/androidfw/ChunkIterator.cpp | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/libs/androidfw/ChunkIterator.cpp b/libs/androidfw/ChunkIterator.cpp
index 8fc321968055..25c8aa64e492 100644
--- a/libs/androidfw/ChunkIterator.cpp
+++ b/libs/androidfw/ChunkIterator.cpp
@@ -15,6 +15,7 @@
 */
 #include "androidfw/Chunk.h"
+#include "androidfw/Util.h"
 #include "android-base/logging.h"
@@ -23,11 +24,11 @@ namespace android {
 Chunk ChunkIterator::Next() {
 CHECK(len_ != 0) << "called Next() after last chunk";
- const ResChunk_header* this_chunk = next_chunk_;
+ const incfs::map_ptr<ResChunk_header> this_chunk = next_chunk_;
+ CHECK((bool) this_chunk) << "Next() called without verifying next chunk";
 // We've already checked the values of this_chunk, so safely increment.
- next_chunk_ = reinterpret_cast<const ResChunk_header*>(
- reinterpret_cast<const uint8_t*>(this_chunk) + dtohl(this_chunk->size));
+ next_chunk_ = this_chunk.offset(dtohl(this_chunk->size)).convert<ResChunk_header>();
 len_ -= dtohl(this_chunk->size);
 if (len_ != 0) {
@@ -36,7 +37,7 @@ Chunk ChunkIterator::Next() {
 VerifyNextChunk();
 }
 }
- return Chunk(this_chunk);
+ return Chunk(this_chunk.verified());
 }
 // TODO(b/111401637) remove this and have full resource file verification
@@ -47,6 +48,13 @@ bool ChunkIterator::VerifyNextChunkNonFatal() {
 last_error_was_fatal_ = false;
 return false;
 }
+
+ if (!next_chunk_) {
+ last_error_ = "failed to read chunk from data";
+ last_error_was_fatal_ = false;
+ return false;
+ }
+
 const size_t size = dtohl(next_chunk_->size);
 if (size > len_) {
 last_error_ = "chunk size is bigger than given data";
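Review bot: In `ChunkIterator::Next()` the new code still reads `this_chunk->size` from the mapped data twice, once to compute `next_chunk_` and once for `len_ -=`, and the comment above it relies on a value that VerifyNextChunk() read separately. If the backing bytes can differ between reads (the commit title suggests IncFs-backed data that may not always be present), the pointer advance and the remaining length could disagree. Reading the field once keeps the two consistent: `const uint32_t size = dtohl(this_chunk->size);`, then `next_chunk_ = this_chunk.offset(size).convert<ResChunk_header>();` and `len_ -= size;`. The body of Next() continues into the following hunk.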
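Review bot: The added `if (!next_chunk_)` guard in VerifyNextChunkNonFatal(), and the matching one in VerifyNextChunk() (hunk -73,6 +79,11), has no comment saying what it establishes. From the visible lines it protects the reads of `next_chunk_->size` and `next_chunk_->headerSize`; whether it also covers the chunk body depends on `incfs::map_ptr`, which is defined outside this diff, and presumably only `sizeof(ResChunk_header)` bytes are checked. Once that is confirmed I would add above each guard `// Confirms the header bytes are readable before dereferencing; the chunk body is not verified here.` so consumers of the returned Chunk know they must validate the payload themselves. Both functions start outside their hunks.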
@@ -58,12 +66,10 @@ bool ChunkIterator::VerifyNextChunkNonFatal() {
 // Returns false if there was an error.
 bool ChunkIterator::VerifyNextChunk() {
- const uintptr_t header_start = reinterpret_cast<uintptr_t>(next_chunk_);
-
 // This data must be 4-byte aligned, since we directly
 // access 32-bit words, which must be aligned on
 // certain architectures.
- if (header_start & 0x03) {
+ if (!util::IsFourByteAligned(next_chunk_)) {
 last_error_ = "header not aligned on 4-byte boundary";
 return false;
 }
@@ -73,6 +79,11 @@ bool ChunkIterator::VerifyNextChunk() {
 return false;
 }
+ if (!next_chunk_) {
+ last_error_ = "failed to read chunk from data";
+ return false;
+ }
+
 const size_t header_size = dtohs(next_chunk_->headerSize);
 const size_t size = dtohl(next_chunk_->size);
 if (header_size < sizeof(ResChunk_header)) {
@@ -90,7 +101,7 @@ bool ChunkIterator::VerifyNextChunk() {
 return false;
 }
- if ((size | header_size) & 0x03) {
+ if ((size | header_size) & 0x03U) {
 last_error_ = "header sizes are not aligned on 4-byte boundary";
 return false;
 } |