diff options
author | Ivan Lozano <ivanlozano@google.com> | 2017-09-29 09:48:48 -0700 |
---|---|---|
committer | Ivan Lozano <ivanlozano@google.com> | 2017-09-29 09:48:48 -0700 |
commit | 60e63383329bdf3018696af6c9a1914e4ff0a920 (patch) | |
tree | c3d31725e26792897522b6cb1c53822761ac9bdc | |
parent | 865d8f55b43fef698c2b9f420cd8d5c68e2fc693 (diff) | |
download | libexif-60e63383329bdf3018696af6c9a1914e4ff0a920.tar.gz |
Add integer sanitization to libexif.
This turns integer sanitization on in libexif. A blacklist file is added
to prevent sanitization of a function which was seen to overflow during
testing but this seems to be intentional.
Bug: 67013630
Bug: 62343822
Test: Took pictures and videos.
Test: Mounted as PTP and MTP, browsed and downloaded files.
Change-Id: I7c2d2acead75797fba06488ef2e87a5c0fc2b66e
-rw-r--r-- | Android.bp | 4 | ||||
-rw-r--r-- | libexif_blacklist.txt | 15 |
2 files changed, 19 insertions, 0 deletions
@@ -64,6 +64,10 @@ cc_library_shared { "-Werror", ], + sanitize: { + integer_overflow: true, + blacklist: "libexif_blacklist.txt", + }, } // WARNING: this makefile builds a shared library. Do not ever make it build diff --git a/libexif_blacklist.txt b/libexif_blacklist.txt new file mode 100644 index 0000000..9500d9a --- /dev/null +++ b/libexif_blacklist.txt @@ -0,0 +1,15 @@ +# Copyright (C) 2017 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +fun:match_tag |