Project-1CE/frameworks_base - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Ryan Mitchell <rtmitchell@google.com>	2018-05-30 12:17:01 -0700
committer	Ryan Mitchell <rtmitchell@google.com>	2018-06-06 17:12:01 +0000
commit	8cf0f988b0c64bcf2c199bb76439c51c257dd162 (patch)
tree	c4cd04cf8e6ffb10bcf9cdb64671d4e0cfbd4a51 /tools/aapt2/java/JavaClassGenerator.cpp
parent	857326e3731939f6ec7979e1d86585bf0ea484f4 (diff)

Fix DynamicRefTable::load security bug

DynamicRefTables parsed from apks are missing bounds checks that prevent buffer overflows. This changes verifies the bounds of the header before attempting to preform operations on the chunk. Bug: 79488511 Test: run cts -m CtsAppSecurityHostTestCases \ -t android.appsecurity.cts.CorruptApkTests Change-Id: I02c8ad957da244fce777ac68a482e4e8fa70f846 Merged-In: I02c8ad957da244fce777ac68a482e4e8fa70f846

Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: