diff options
| author | Nikita Ioffe <ioffe@google.com> | 2020-04-30 02:14:27 +0100 |
|---|---|---|
| committer | Nikita Ioffe <ioffe@google.com> | 2020-04-30 16:56:32 +0100 |
| commit | 66872e8dc9f4b0aa5fa1eca970430be003003a7b (patch) | |
| tree | af338c6fe470f4ecf8d78cb1d28caf2edbb6bb9a | |
| parent | b73cea24f89621456c950b102d475ffbd4227334 (diff) | |
| download | avb-android11-dev.tar.gz | |
Check that there is enough space for AvbDescriptorandroid-mainline-11.0.0_r44android-mainline-11.0.0_r43android-mainline-11.0.0_r42android-mainline-11.0.0_r41android-mainline-11.0.0_r40android-mainline-11.0.0_r39android-mainline-11.0.0_r38android-mainline-11.0.0_r37android-mainline-11.0.0_r36android-mainline-11.0.0_r35android-mainline-11.0.0_r34android-mainline-11.0.0_r32android-mainline-11.0.0_r31android-mainline-11.0.0_r30android-mainline-11.0.0_r28android-mainline-11.0.0_r27android-mainline-11.0.0_r26android-mainline-11.0.0_r25android-mainline-11.0.0_r24android-mainline-11.0.0_r23android-mainline-11.0.0_r22android-mainline-11.0.0_r21android-mainline-11.0.0_r20android-mainline-11.0.0_r18android-mainline-11.0.0_r17android-mainline-11.0.0_r16android-mainline-11.0.0_r15android-mainline-11.0.0_r14android-mainline-11.0.0_r13android-mainline-11.0.0_r12android11-mainline-tethering-releaseandroid11-mainline-permission-releaseandroid11-mainline-os-statsd-releaseandroid11-mainline-networkstack-releaseandroid11-mainline-media-swcodec-releaseandroid11-mainline-media-releaseandroid11-mainline-extservices-releaseandroid11-mainline-documentsui-releaseandroid11-mainline-conscrypt-releaseandroid11-mainline-cellbroadcast-releaseandroid11-mainline-captiveportallogin-releaseandroid11-dev
Test: put corrupted apex on /system_ext/apex
Test: verified it's not activated
Test: atest --host libavb_host_unittest
Bug: 146516087
Change-Id: Ic85cbd580b4a5e6514db68359e78fae7455e0fb8
| -rw-r--r-- | libavb/avb_descriptor.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libavb/avb_descriptor.c b/libavb/avb_descriptor.c index cfc2aac..7030a40 100644 --- a/libavb/avb_descriptor.c +++ b/libavb/avb_descriptor.c @@ -88,6 +88,10 @@ bool avb_descriptor_foreach(const uint8_t* image_data, } for (p = desc_start; p < desc_end;) { + if (p + sizeof(AvbDescriptor) > desc_end) { + avb_error("Invalid descriptor length.\n"); + goto out; + } const AvbDescriptor* dh = (const AvbDescriptor*)p; avb_assert_aligned(dh); uint64_t nb_following = avb_be64toh(dh->num_bytes_following); |