From bff51b88aaf96279c58edb812be0bda2fcaf4967 Mon Sep 17 00:00:00 2001
From: Christopher Ferris <cferris@google.com>
Date: Tue, 26 May 2020 10:33:18 -0700
Subject: Fail explicitly on length overflow.

Instead of aborting when FileMap::create detects an overflow, detect the
overflow directly and fail the call.

Bug: 156997193

Test: Ran unit tests, including new unit test that aborted before.
Merged-In: Ie49975b8949fd12bbde14346ec9bbb774ef88a51
Change-Id: Ie49975b8949fd12bbde14346ec9bbb774ef88a51
(cherry picked from commit 68604b9c29b5bd11e2e2dbb848d6b364bf627d21)
---
 libutils/FileMap.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'libutils/FileMap.cpp')

diff --git a/libutils/FileMap.cpp b/libutils/FileMap.cpp
index 1d899ab7f..0abb86191 100644
--- a/libutils/FileMap.cpp
+++ b/libutils/FileMap.cpp
@@ -189,7 +189,11 @@ bool FileMap::create(const char* origFileName, int fd, off64_t offset, size_t le
 
     int adjust = offset % mPageSize;
     off64_t adjOffset = offset - adjust;
-    size_t adjLength = length + adjust;
+    size_t adjLength;
+    if (__builtin_add_overflow(length, adjust, &adjLength)) {
+        ALOGE("adjusted length overflow: length %zu adjust %d", length, adjust);
+        return false;
+    }
 
     int flags = MAP_SHARED;
     int prot = PROT_READ;
-- 
cgit v1.2.3