Project-1CE/frameworks_base - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	y <rtmitchell@google.com>	2018-04-05 17:57:27 -0700
committer	Atanas Kirilov <akirilov@google.com>	2018-04-13 20:34:18 +0000
commit	7e54c3f261d81316b75cb734075319108d8bc1d1 (patch)
tree	4c46c9bc01516759509d853c0c2eb9efb76b373e /tools/aapt2/java/JavaClassGenerator_test.cpp
parent	de71ee469a06fac76710874a69c97f76f4f22af7 (diff)

ResStringPool: Fix security vulnerability

Adds detection of attacker-modified size and data fields passed to ResStringPool::setTo(). These attacks are modified apks that AAPT would not normally generate. In the rare case this occurs, the installation cannot be allowed to continue. Bug: 71361168 Bug: 71360999 Test: run cts -m CtsAppSecurityHostTestCases \ -t android.appsecurity.cts.CorruptApkTests Change-Id: If7eb93a9e723b16c8a0556fc4e20006aa0391d57 Merged-In: If7eb93a9e723b16c8a0556fc4e20006aa0391d57

Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator_test.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: