diff options
| author | Android Build Merger (Role) <noreply-android-build-merger@google.com> | 2018-03-09 01:49:01 +0000 |
|---|---|---|
| committer | Android Build Merger (Role) <noreply-android-build-merger@google.com> | 2018-03-09 01:49:01 +0000 |
| commit | dd95a7f10d2e9b9404614f85f60bfa777af4ab70 (patch) | |
| tree | ba660e55a2d005764b83a5aa681b45b365fadd15 /libutils/String16.cpp | |
| parent | bab7b1ecd96dfcc825880c81a24443d9abc7803e (diff) | |
| parent | e9df4d52f7f8ff086322e5c130644034ddb05215 (diff) | |
[automerger] String16: remove integer overflows am: d0648d8dc6 am: 9de539d0dd am: 726007edf0 am: 4ca82d1d14 am: 35629db6fe am: dc2153c913 am: f479f90679 am: e9df4d52f7
Change-Id: Ifab7435d2c707247b64b6debccbdd00224bdc6af
Diffstat (limited to 'libutils/String16.cpp')
| -rw-r--r-- | libutils/String16.cpp | 66 |
1 files changed, 36 insertions, 30 deletions
diff --git a/libutils/String16.cpp b/libutils/String16.cpp index 65396caca..80018897e 100644 --- a/libutils/String16.cpp +++ b/libutils/String16.cpp @@ -84,6 +84,23 @@ static char16_t* allocFromUTF8(const char* u8str, size_t u8len) return getEmptyString(); } +static char16_t* allocFromUTF16(const char16_t* u16str, size_t u16len) { + if (u16len >= SIZE_MAX / sizeof(char16_t)) { + android_errorWriteLog(0x534e4554, "73826242"); + abort(); + } + + SharedBuffer* buf = SharedBuffer::alloc((u16len + 1) * sizeof(char16_t)); + ALOG_ASSERT(buf, "Unable to allocate shared buffer"); + if (buf) { + char16_t* str = (char16_t*)buf->data(); + memcpy(str, u16str, u16len * sizeof(char16_t)); + str[u16len] = 0; + return str; + } + return getEmptyString(); +} + // --------------------------------------------------------------------------- String16::String16() @@ -116,35 +133,9 @@ String16::String16(const String16& o, size_t len, size_t begin) setTo(o, len, begin); } -String16::String16(const char16_t* o) -{ - size_t len = strlen16(o); - SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t)); - ALOG_ASSERT(buf, "Unable to allocate shared buffer"); - if (buf) { - char16_t* str = (char16_t*)buf->data(); - strcpy16(str, o); - mString = str; - return; - } - - mString = getEmptyString(); -} +String16::String16(const char16_t* o) : mString(allocFromUTF16(o, strlen16(o))) {} -String16::String16(const char16_t* o, size_t len) -{ - SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t)); - ALOG_ASSERT(buf, "Unable to allocate shared buffer"); - if (buf) { - char16_t* str = (char16_t*)buf->data(); - memcpy(str, o, len*sizeof(char16_t)); - str[len] = 0; - mString = str; - return; - } - - mString = getEmptyString(); -} +String16::String16(const char16_t* o, size_t len) : mString(allocFromUTF16(o, len)) {} String16::String16(const String8& o) : mString(allocFromUTF8(o.string(), o.size())) @@ -206,6 +197,11 @@ status_t String16::setTo(const char16_t* other) status_t String16::setTo(const char16_t* other, size_t len) { + if (len >= SIZE_MAX / sizeof(char16_t)) { + android_errorWriteLog(0x534e4554, "73826242"); + abort(); + } + SharedBuffer* buf = SharedBuffer::bufferFromData(mString) ->editResize((len+1)*sizeof(char16_t)); if (buf) { @@ -228,7 +224,12 @@ status_t String16::append(const String16& other) } else if (otherLen == 0) { return NO_ERROR; } - + + if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) { + android_errorWriteLog(0x534e4554, "73826242"); + abort(); + } + SharedBuffer* buf = SharedBuffer::bufferFromData(mString) ->editResize((myLen+otherLen+1)*sizeof(char16_t)); if (buf) { @@ -249,7 +250,12 @@ status_t String16::append(const char16_t* chrs, size_t otherLen) } else if (otherLen == 0) { return NO_ERROR; } - + + if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) { + android_errorWriteLog(0x534e4554, "73826242"); + abort(); + } + SharedBuffer* buf = SharedBuffer::bufferFromData(mString) ->editResize((myLen+otherLen+1)*sizeof(char16_t)); if (buf) { |