Creates types and utility class to manipulate ELF header format and relocation
references.
BufferView::modify() was also added.
Change-Id: Iacec212a2fb2f8a6c85d551eed4b8e0a84926d89
Reviewed-on: https://chromium-review.googlesource.com/1136846
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Greg Thompson <grt@chromium.org>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#578034}
NOKEYCHECK=True
GitOrigin-RevId: 320f7d9d2cff9702e632af296867bf6ce7b14f8b
This CL is similar to:
https://chromium-review.googlesource.com/1133688
BufferRegion::FitsIn() (and BufferViewBase::covers()) decides whether
a BufferRegion fits inside a buffer. A special case is whether an empty
region fits at the end of a buffer?
Previously this was considered to be a pathological case, so the result
is "false". However, this led to a DCHECK failure found by the DEX
fuzzer: a CodeItem with insns_size = 0 is checked against an empty
buffer.
It may seem straightforward to change the DCHECK to a handled failure.
However, the failing code (in CodeItemParser::GetCodeItemInsns())
occurs after CodeItem has been supposedly validated, so the DCHECK
is correctly placed! Two causes are:
(1) Technically insns_size should be > 0, as dictated by constraint A1
("The insns array must not be empty") in Dalvik spec.
(2) The FitsIn() check is too stringent.
This CL focuses on relaxing (2). This makes checking slightly more
permissive elsewhere in code (patch_reader.cc and Win32 disassembler),
but this looks like the right thing to do.
As for (1), we plan to visit
https://source.android.com/devices/tech/dalvik/constraints
and implement more rigorous checks. So we simply add a TODO for now.
Bug: 863478
Change-Id: Iacbb2bb9bf26701db960192c7b727351ea5afdec
Reviewed-on: https://chromium-review.googlesource.com/1142517
Reviewed-by: agrieve <agrieve@chromium.org>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Commit-Queue: Samuel Huang <huangs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#576482}
NOKEYCHECK=True
GitOrigin-RevId: 2b31de169e783260c9e2fbaea295b39ae808fbf9
of buffer.
BufferViewBase::covers_array(offset, num, elt_size) decides whether a
buffer at |offset| can fit an array with |num| elements, each with
|elt_size|. A special case is covers_array(size(), 0, elt_size), i.e.,
can we fit an empty array at end of the buffer?
Previously this was considered to be a pathological case, so the result
is "false". However, recently it's revealed that this causes some valid
DEX files to be rejected!
What happens is that ParseAnnotationDirectoryItem() parses data that
look like (in regex) "(AF*M*P*)*", where "AF*M*P*" is a block with
header "A" with counts for structs "F", "M", "P", followed by the
specified number of these structs. The parsing code uses covers_array()
to check for buffer overrun. However, for the case where the last
"AF*M*P*" block has 0 "P" blocks, we'd encounter the special case
covers_array(size(), 0, elt_size), and the resulting "false"
invalidates the DEX file.
The fix is to make the special case return "true". Note that this only
affects DEX (which is currently the only user of covers_array()).
Change-Id: I2939194f7e91739193e1558361aeb9617bf9c023
Reviewed-on: https://chromium-review.googlesource.com/1133688
Reviewed-by: Samuel Huang <huangs@chromium.org>
Reviewed-by: agrieve <agrieve@chromium.org>
Commit-Queue: Samuel Huang <huangs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#574279}
NOKEYCHECK=True
GitOrigin-RevId: 1b1153fc0b354fd73f63c2324753ad79b42f3fc1
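The two commits above (the FitsIn() / covers() change and the covers_array() change) both turn on the same question: does an empty array or region "fit" at offset == size()? The C++ below is an added example, not Zucchini's own code, sketching a bounds check with the semantics those commits settle on, plus a parser for a constructed count-prefixed block layout (a simplification of the "AF*M*P*" shape, with one record kind, not the real DEX annotation_directory_item encoding). The names ByteView, CoversArray, ReadU32LE, ParseCountedBlock, ParseAllBlocks, kRecordSize and all sample byte arrays are assumptions for this example. Beyond the page's special case, it also shows the check a practitioner wants in a parser of untrusted input: num * elt_size and offset + bytes are evaluated without wrapping, so a hostile count cannot pass the check by overflow.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Minimal read-only view over untrusted bytes (assumed name, not Zucchini's
// BufferView).
struct ByteView {
  const uint8_t* data;
  size_t size;
};

constexpr size_t kInvalidOffset = std::numeric_limits<size_t>::max();
constexpr size_t kRecordSize = 8;  // constructed fixed record size for the demo

// True iff the array [offset, offset + num * elt_size) lies within |view|.
// Policy matches the commits above: an empty array fits at any offset up to
// and including view.size, so a trailing block with a zero count is accepted.
// All arithmetic is overflow-safe, so a hostile (num, elt_size) cannot wrap.
bool CoversArray(const ByteView& view, size_t offset, size_t num,
                 size_t elt_size) {
  if (offset > view.size)
    return false;  // offset itself is out of range (offset == size is allowed)
  if (num == 0 || elt_size == 0)
    return true;   // nothing to read: fits even at the very end
  if (num > std::numeric_limits<size_t>::max() / elt_size)
    return false;  // num * elt_size would overflow size_t
  // offset <= view.size here, so the subtraction cannot underflow, and we
  // never compute offset + bytes, which could overflow.
  return num * elt_size <= view.size - offset;
}

// Reads a little-endian uint32 at |offset|; the caller must have checked
// bounds with CoversArray() first.
uint32_t ReadU32LE(const ByteView& view, size_t offset) {
  const uint8_t* p = view.data + offset;
  return static_cast<uint32_t>(p[0]) | (static_cast<uint32_t>(p[1]) << 8) |
         (static_cast<uint32_t>(p[2]) << 16) |
         (static_cast<uint32_t>(p[3]) << 24);
}

// One block of the constructed layout: a 4-byte count, then |count| records
// of kRecordSize bytes. Returns the offset just past the block, or
// kInvalidOffset if the block does not fit in the buffer.
size_t ParseCountedBlock(const ByteView& view, size_t offset) {
  if (!CoversArray(view, offset, 1, sizeof(uint32_t)))
    return kInvalidOffset;
  const size_t count = ReadU32LE(view, offset);
  offset += sizeof(uint32_t);
  if (!CoversArray(view, offset, count, kRecordSize))
    return kInvalidOffset;
  return offset + count * kRecordSize;  // safe: CoversArray() proved it fits
}

// Parses consecutive blocks until the buffer is exhausted ("(AF*M*P*)*" in the
// commit's notation). Returns the number of blocks, or kInvalidOffset on any
// bounds failure.
size_t ParseAllBlocks(const ByteView& view) {
  size_t offset = 0;
  size_t blocks = 0;
  while (offset < view.size) {
    offset = ParseCountedBlock(view, offset);
    if (offset == kInvalidOffset)
      return kInvalidOffset;
    ++blocks;
  }
  return blocks;
}

// Constructed sample inputs (not real DEX data).
// A block with count=1 and one record, followed by a final block with count=0
// that ends exactly at the end of the buffer: the case the old "false" result
// for covers_array(size(), 0, elt_size) rejected.
const uint8_t kTrailingEmpty[] = {1, 0, 0, 0,
                                  0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
                                  0, 0, 0, 0};
const ByteView kTrailingEmptyView = {kTrailingEmpty, sizeof(kTrailingEmpty)};

// count=2 but only one record follows: must be rejected.
const uint8_t kShort[] = {2, 0, 0, 0,
                          0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA};
const ByteView kShortView = {kShort, sizeof(kShort)};

// count=0xFFFFFFFF with nothing after it: num * elt_size is either huge or
// (on 32-bit size_t) would wrap; must be rejected either way.
const uint8_t kHugeCount[] = {0xFF, 0xFF, 0xFF, 0xFF};
const ByteView kHugeCountView = {kHugeCount, sizeof(kHugeCount)};

int main() {
  std::printf("trailing empty block: %zu blocks\n",
              ParseAllBlocks(kTrailingEmptyView));
  std::printf("short buffer rejected: %d\n",
              ParseAllBlocks(kShortView) == kInvalidOffset);
  std::printf("huge count rejected: %d\n",
              ParseAllBlocks(kHugeCountView) == kInvalidOffset);
  return 0;
}
```

The first sample parses as two blocks only because CoversArray(view, 16, 0, 8) returns true at offset == size; with the older "false" result the whole buffer would be rejected, which is exactly the valid-DEX-rejected symptom described above. The other two samples show that relaxing the empty case does not weaken the check for non-empty arrays.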
Creates Disassembler that recognises and parses DEX format. For now, it doesn't
extract any type reference, so it is equivalent to DisassemblerNoOp. Extraction
of various types of reference will be added in a follow-up CL.
BufferView::covers_array() and unittests were also added.
Change-Id: I08756244e9af899cf0f40dabd2b0059e1749328e
Reviewed-on: https://chromium-review.googlesource.com/967603
Reviewed-by: Samuel Huang <huangs@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Cr-Commit-Position: refs/heads/master@{#546807}
NOKEYCHECK=True
GitOrigin-RevId: d214e2cf9e23bf055f0e0655e9564761d50206ad
(Use "git log --follow" to see older revisions of files).
/components/ is the most logical place to put Zucchini, which only
depends on /base and /testing/gtest. This move also enables Zucchini to
be used by the Component Updater. Details:
- Move all files; run the following to change deps and guards:
sed 's/chrome\/installer/components/' *.cc *.h -i
sed 's/CHROME_INSTALLER/COMPONENTS/' *.cc *.h -i
- Sorting works out pretty well!
- Change all 'chrome/installer/zucchini' to 'components/zucchini'
throughout other parts of the repo; sort if necessary.
- Fix 6 'git cl lint' errors.
- Change 1 Bind() usage to BindRepeated().
- Update OWNER.
Bug: 729154
Change-Id: I50c5a7d411ea85f707b5994ab319dfb2a1acccf7
Reviewed-on: https://chromium-review.googlesource.com/954923
Reviewed-by: Greg Thompson <grt@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Commit-Queue: Samuel Huang <huangs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#542857}
NOKEYCHECK=True
GitOrigin-RevId: 577ef6c435e8d43be6e3e60ccbcbd1881780f4ec