author | Christopher Ferris <cferris@google.com> | 2020-10-02 08:57:14 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-10-02 08:57:14 +0000 |
commit | 5c92b51c80524cb73362b4ed22af5a45536a94b7 (patch) | |
tree | 6771ac375decb0c269d3e42aa78042cd0581b71b | |
parent | d7b0ef097e7fd44fea6abc36e545c931a6a4725a (diff) | |
parent | 7843821bf987588a4a3753a54fa28afba207b55a (diff) |
Merge "Fix an error when overflows occur." am: 483364a7ec am: fd43e423b7 am: 7843821bf9
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1446118
Change-Id: Ic47f203a1cf67533e64e3db198ebc1a7156813ec
-rw-r--r-- | libunwindstack/tests/fuzz/UnwinderComponentCreator.cpp | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/libunwindstack/tests/fuzz/UnwinderComponentCreator.cpp b/libunwindstack/tests/fuzz/UnwinderComponentCreator.cpp
index 9c5374a5b..65052b6c1 100644
--- a/libunwindstack/tests/fuzz/UnwinderComponentCreator.cpp
+++ b/libunwindstack/tests/fuzz/UnwinderComponentCreator.cpp
@@ -116,8 +116,12 @@ ElfFake* PopulateElfFake(FuzzedDataProvider* data_provider) {
 static constexpr size_t kPageSize = 4096;
-static constexpr uint64_t AlignToPage(uint64_t address) {
- return (address + kPageSize - 1) & ~(kPageSize - 1);
+static inline bool AlignToPage(uint64_t address, uint64_t* aligned_address) {
+ if (__builtin_add_overflow(address, kPageSize - 1, aligned_address)) {
+ return false;
+ }
+ *aligned_address &= ~(kPageSize - 1);
+ return true;
 }
 std::unique_ptr<Maps> GetMaps(FuzzedDataProvider* data_provider) {
@@ -125,8 +129,16 @@ std::unique_ptr<Maps> GetMaps(FuzzedDataProvider* data_provider) {
 std::map<uint64_t, uint64_t> map_ends;
 uint8_t entry_count = data_provider->ConsumeIntegralInRange<uint8_t>(0, kMaxMapEntryCount);
 for (uint8_t i = 0; i < entry_count; i++) {
- uint64_t start = AlignToPage(data_provider->ConsumeIntegral<uint64_t>());
- uint64_t end = AlignToPage(data_provider->ConsumeIntegralInRange<uint64_t>(start, UINT64_MAX));
+ uint64_t start;
+ if (!AlignToPage(data_provider->ConsumeIntegral<uint64_t>(), &start)) {
+ // Overflowed.
+ continue;
+ }
+ uint64_t end;
+ if (!AlignToPage(data_provider->ConsumeIntegralInRange<uint64_t>(start, UINT64_MAX), &end)) {
+ // Overflowed.
+ continue;
+ }
 if (start == end) {
 // It's impossible to see start == end in the real world, so
 // make sure the map contains at least one page of data.
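Review bot: The new `AlignToPage` reports overflow only through its `bool` return, and nothing makes a caller check it. On overflow `__builtin_add_overflow` has already stored the wrapped sum in `*aligned_address`, so an unchecked call would carry on with a wrapped address, which is the error this change is fixing. If the file builds as C++17 or later, declaring it `[[nodiscard]] static inline bool AlignToPage(uint64_t address, uint64_t* aligned_address)` turns a forgotten check into a compiler warning. A one-line contract comment above it would also help, for example `// Rounds address up to the next page boundary; returns false if that overflows, in which case *aligned_address must not be used.`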
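Review bot: The `start == end` branch at the end of this GetMaps hunk may still be able to wrap, because `start` can be the highest page-aligned value and `ConsumeIntegralInRange<uint64_t>(start, UINT64_MAX)` can return `start` itself, so both new checks pass with `end == start` at the top of the address space. The body of that branch is outside the hunk, so this is inferred from the comment: if it grows `end` by one page with plain addition, the sum wraps to 0 and the map ends below its start. In that case the same guard belongs there, for example `if (__builtin_add_overflow(end, kPageSize, &end)) continue;`.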
@@ -142,7 +154,11 @@ std::unique_ptr<Maps> GetMaps(FuzzedDataProvider* data_provider) {
 }
 map_ends[end] = start;
- uint64_t offset = AlignToPage(data_provider->ConsumeIntegral<uint64_t>());
+ uint64_t offset;
+ if (!AlignToPage(data_provider->ConsumeIntegral<uint64_t>(), &offset)) {
+ // Overflowed.
+ continue;
+ }
 std::string map_info_name = data_provider->ConsumeRandomLengthString(kMaxMapInfoNameLen);
 uint8_t flags = PROT_READ | PROT_WRITE; |
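Review bot: The added `continue` for an overflowing offset runs after `map_ends[end] = start;`, so the range stays recorded in `map_ends` even though no map is created for it. If the code between the hunks uses `map_ends` to reject overlapping entries (it is not visible here), later iterations would be rejected against a mapping that does not exist, which quietly reduces what the fuzzer can reach. Undoing the bookkeeping first, with `map_ends.erase(end);` just before the `continue`, keeps the two structures consistent without changing the order in which fuzz bytes are consumed. The rest of the loop body lies outside this hunk.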