diff options
| author | Ryan Mitchell <rtmitchell@google.com> | 2020-11-16 23:08:18 +0000 |
|---|---|---|
| committer | Ryan Mitchell <rtmitchell@google.com> | 2020-11-17 23:01:35 +0000 |
| commit | db21f09a8e02bcfd3fefea68084667688268f1fa (patch) | |
| tree | c9b22a2676936eaf56ee1160c9349632ccd7ba44 /libs/androidfw/ZipUtils.cpp | |
| parent | 687f5e163f24ff31f822f986fd7a99b8832b6286 (diff) | |
Revert^2 "libandroidfw hardening for IncFs"
55ef6167a2c235bd88c7216238b2001b46795b79
Change-Id: I02d4890d181655dfd0a14c188468db512559d27b
Diffstat (limited to 'libs/androidfw/ZipUtils.cpp')
| -rw-r--r-- | libs/androidfw/ZipUtils.cpp | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/libs/androidfw/ZipUtils.cpp b/libs/androidfw/ZipUtils.cpp index 568e3b63d67f..58fc5bbbab5e 100644 --- a/libs/androidfw/ZipUtils.cpp +++ b/libs/androidfw/ZipUtils.cpp @@ -40,7 +40,7 @@ class FileReader : public zip_archive::Reader { explicit FileReader(FILE* fp) : Reader(), mFp(fp), mCurrentOffset(0) { } - bool ReadAtOffset(uint8_t* buf, size_t len, off64_t offset) const { + bool ReadAtOffset(uint8_t* buf, size_t len, off64_t offset) const override { // Data is usually requested sequentially, so this helps avoid pointless // fseeks every time we perform a read. There's an impedence mismatch // here because the original API was designed around pread and pwrite. @@ -71,7 +71,7 @@ class FdReader : public zip_archive::Reader { explicit FdReader(int fd) : mFd(fd) { } - bool ReadAtOffset(uint8_t* buf, size_t len, off64_t offset) const { + bool ReadAtOffset(uint8_t* buf, size_t len, off64_t offset) const override { return android::base::ReadFullyAtOffset(mFd, buf, len, offset); } @@ -81,22 +81,27 @@ class FdReader : public zip_archive::Reader { class BufferReader : public zip_archive::Reader { public: - BufferReader(const void* input, size_t inputSize) : Reader(), - mInput(reinterpret_cast<const uint8_t*>(input)), + BufferReader(incfs::map_ptr<void> input, size_t inputSize) : Reader(), + mInput(input.convert<uint8_t>()), mInputSize(inputSize) { } - bool ReadAtOffset(uint8_t* buf, size_t len, off64_t offset) const { + bool ReadAtOffset(uint8_t* buf, size_t len, off64_t offset) const override { if (mInputSize < len || offset > mInputSize - len) { return false; } - memcpy(buf, mInput + offset, len); + const incfs::map_ptr<uint8_t> pos = mInput.offset(offset); + if (!pos.verify(len)) { + return false; + } + + memcpy(buf, pos.unsafe_ptr(), len); return true; } private: - const uint8_t* mInput; + const incfs::map_ptr<uint8_t> mInput; const size_t mInputSize; }; @@ -138,7 +143,7 @@ class BufferWriter : public zip_archive::Writer { return (zip_archive::Inflate(reader, compressedLen, uncompressedLen, &writer, nullptr) == 0); } -/*static*/ bool ZipUtils::inflateToBuffer(const void* in, void* buf, +/*static*/ bool ZipUtils::inflateToBuffer(incfs::map_ptr<void> in, void* buf, long uncompressedLen, long compressedLen) { BufferReader reader(in, compressedLen); |