| author | Calder Kitagawa <ckitagawa@chromium.org> | 2018-05-29 19:54:22 +0000 |
|---|---|---|
| committer | Edward Lesmes <ehmaldonado@google.com> | 2021-07-23 22:44:39 +0000 |
| commit | 4701352fcf9ed0584318bea013f97f8f5b09b7d0 (patch) | |
| tree | ec0f5bd142916eaf55ef8b34e4e5a7116f544fae | |
| parent | 806fa630e61962fc2093be31eb3fad5fa745a27c (diff) | |
| download | zucchini-4701352fcf9ed0584318bea013f97f8f5b09b7d0.tar.gz | |
[Zucchini]: Fix CHECK failure in Apply
Fixes a CHECK failure in Zucchini Apply found by ClusterFuzz.
Scenario:
A disassembler parses an image element and shrinks it to be the
understood size. Apply expects that this understood size is identical to
the size of the element it is trying to patch. This expectation will
always hold for "good" patch data but for an arbitrary patch may not.
This results in a CHECK failure when getting reference writers.
Solution:
After parsing, check that the disassembler sizes match their respective
image sizes. Fail to Apply and print an error message if this is not the
case.
Bug: 847278
Change-Id: I96edb738b8f9ea2d16193ea1aa2def7319ee8f70
Reviewed-on: https://chromium-review.googlesource.com/1076369
Commit-Queue: Calder Kitagawa <ckitagawa@chromium.org>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#562560}
NOKEYCHECK=True
GitOrigin-RevId: 0ca1928abfdce0efe539655cc09e9a8f4ece063f
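The scenario in the commit message, modelled as an added example that is not Zucchini's own code: a toy disassembler whose Parse() shrinks an element to the size it understands, and an applier that compares that size with the element size the (untrusted) patch supplied and fails cleanly on mismatch instead of reaching a CHECK later. ConstBufferView, ToyDisassembler, ApplyElement, ApplyStatus and the sample byte arrays are hypothetical stand-ins constructed for this example; the toy element format (one length byte followed by a payload) is invented here and is not Zucchini's.

```cpp
// Added example (not Zucchini's own code): a toy model of the size check the
// commit describes. ConstBufferView, ToyDisassembler and ApplyElement are
// hypothetical stand-ins for Zucchini's ConstBufferView, Disassembler and
// ApplyReferencesCorrection().
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>

// Non-owning view over one element of the image, as handed out by the patch.
struct ConstBufferView {
  const uint8_t* data = nullptr;
  size_t size = 0;
};

// Toy format (invented for this example): byte 0 declares the payload length
// the disassembler understands. Parse() shrinks the stored view to
// header + declared payload, mirroring a real disassembler that "shrinks it
// to be the understood size".
class ToyDisassembler {
 public:
  bool Parse(ConstBufferView image) {
    if (image.size < 1) return false;            // no header at all
    size_t understood = 1 + image.data[0];
    if (understood > image.size) return false;   // header claims more than present
    image_ = {image.data, understood};           // may be smaller than the element
    return true;
  }
  size_t size() const { return image_.size; }

 private:
  ConstBufferView image_;
};

enum class ApplyStatus { kOk, kParseFailed, kSizeMismatch };

// Models the guarded region of ApplyReferencesCorrection(): element sizes come
// from the untrusted patch, disassembler sizes from parsing. Before the fix the
// mismatch case reached a CHECK while getting reference writers; here it is
// turned into an ordinary failure with a diagnostic that names both sizes.
ApplyStatus ApplyElement(ConstBufferView old_image, ConstBufferView new_image) {
  auto old_disasm = std::make_unique<ToyDisassembler>();
  auto new_disasm = std::make_unique<ToyDisassembler>();
  if (!old_disasm->Parse(old_image) || !new_disasm->Parse(new_image)) {
    std::fprintf(stderr, "Failed to parse element\n");
    return ApplyStatus::kParseFailed;
  }
  if (old_disasm->size() != old_image.size ||
      new_disasm->size() != new_image.size) {
    std::fprintf(stderr,
                 "Disassembler and element size mismatch: old %zu vs %zu, "
                 "new %zu vs %zu\n",
                 old_disasm->size(), old_image.size,
                 new_disasm->size(), new_image.size);
    return ApplyStatus::kSizeMismatch;
  }
  // Reference writers would be requested here, now with consistent sizes.
  return ApplyStatus::kOk;
}

// Constructed sample elements (not real Zucchini patch data).
static const uint8_t kGoodOld[] = {2, 'a', 'b'};        // header says 2, 2 present
static const uint8_t kGoodNew[] = {1, 'x'};             // header says 1, 1 present
static const uint8_t kOversized[] = {2, 'a', 'b', 'c'}; // understood 3, element 4
static const uint8_t kTruncated[] = {5, 'a'};           // header overruns element

// Well-formed patch: understood sizes equal element sizes.
ApplyStatus RunGoodPatch() {
  return ApplyElement({kGoodOld, sizeof(kGoodOld)}, {kGoodNew, sizeof(kGoodNew)});
}

// Arbitrary patch: the old element is larger than what the disassembler
// understands, which is the case that used to hit the CHECK.
ApplyStatus RunOversizedElement() {
  return ApplyElement({kOversized, sizeof(kOversized)},
                      {kGoodNew, sizeof(kGoodNew)});
}

// Arbitrary patch that already fails inside Parse() itself.
ApplyStatus RunTruncatedElement() {
  return ApplyElement({kTruncated, sizeof(kTruncated)},
                      {kGoodNew, sizeof(kGoodNew)});
}

int main() {
  std::printf("good=%d oversized=%d truncated=%d\n",
              static_cast<int>(RunGoodPatch()),
              static_cast<int>(RunOversizedElement()),
              static_cast<int>(RunTruncatedElement()));
  return 0;
}
```

The point of the three runs is the middle one: Parse() succeeds, so a parse-failure check alone would not catch it; only comparing the disassembler's size against the element size the patch claimed turns the bad input into a reported failure rather than a crash.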
| -rw-r--r-- | disassembler_no_op.cc | 1 |
|---|---|---|
| -rw-r--r-- | zucchini_apply.cc | 5 |

2 files changed, 6 insertions, 0 deletions
diff --git a/disassembler_no_op.cc b/disassembler_no_op.cc index 3bc24d0..b17979c 100644 --- a/disassembler_no_op.cc +++ b/disassembler_no_op.cc @@ -24,6 +24,7 @@ std::vector<ReferenceGroup> DisassemblerNoOp::MakeReferenceGroups() const { } bool DisassemblerNoOp::Parse(ConstBufferView image) { + image_ = image; return true; } diff --git a/zucchini_apply.cc b/zucchini_apply.cc index 8969e3b..af4eab9 100644 --- a/zucchini_apply.cc +++ b/zucchini_apply.cc @@ -101,6 +101,11 @@ bool ApplyReferencesCorrection(ExecutableType exe_type, LOG(ERROR) << "Failed to create Disassembler"; return false; } + if (old_disasm->size() != old_image.size() || + new_disasm->size() != new_image.size()) { + LOG(ERROR) << "Disassembler and element size mismatch"; + return false; + } ReferenceDeltaSource ref_delta_source = patch.GetReferenceDeltaSource(); std::map<PoolTag, std::vector<ReferenceGroup>> pool_groups; |
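Review bot: the new `image_ = image;` in DisassemblerNoOp::Parse is the only thing that makes the size comparison added in zucchini_apply.cc meaningful for no-op elements, since a size() that presumably reads from `image_` would otherwise never equal the element size Apply was handed; add a one-line comment above the assignment stating that size() must report the parsed element's size, so the store is not later mistaken for dead code and removed. Parse still returns true unconditionally, which is fine for a no-op disassembler but is worth saying in that same comment.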
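Review bot: the error message in the new size check in ApplyReferencesCorrection says neither which element disagreed nor by how much, and since this path is reached with ClusterFuzz-generated patches the sizes are the one thing a triager will want; log them, e.g. `LOG(ERROR) << "Disassembler and element size mismatch: old " << old_disasm->size() << " vs " << old_image.size() << ", new " << new_disasm->size() << " vs " << new_image.size();`. The placement is right: the check sits after the "Failed to create Disassembler" early return and before GetReferenceDeltaSource() and the pool_groups work, so it runs before any reference writer is requested.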