diff options
| author | Yurii Zubrytskyi <zyy@google.com> | 2021-11-29 23:55:24 -0800 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2021-12-28 15:08:37 +0000 |
| commit | fe15c1abc735cadf3e229fecc02b9ac62b3df452 (patch) | |
| tree | 3f2580ffd2d59e3f056ce25e060d37791b5c4dd1 | |
| parent | 83d98b2981fad4b2201744d415f17f890c765e0b (diff) | |
| download | base-fe15c1abc735cadf3e229fecc02b9ac62b3df452.tar.gz | |
Add missing size check when parsing staged aliases
Need to have the same kind of data size check as in other
types parsing
Bug: 203938029
Test: manual
Change-Id: I9f5d2851ff59da90163ead6c0416f0bba3868cc4
Merged-In: I9f5d2851ff59da90163ead6c0416f0bba3868cc4
(cherry picked from commit 8002034e6b11e9be85671505475936b1ec3705b3)
(cherry picked from commit abdf5a518db1d09b2918c4286d226d409ee24420)
Merged-In:I9f5d2851ff59da90163ead6c0416f0bba3868cc4
| -rw-r--r-- | libs/androidfw/LoadedArsc.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/libs/androidfw/LoadedArsc.cpp b/libs/androidfw/LoadedArsc.cpp index d17c32817994..8150e78fdddc 100644 --- a/libs/androidfw/LoadedArsc.cpp +++ b/libs/androidfw/LoadedArsc.cpp @@ -686,6 +686,12 @@ std::unique_ptr<const LoadedPackage> LoadedPackage::Load(const Chunk& chunk, std::unordered_set<uint32_t> finalized_ids; const auto lib_alias = child_chunk.header<ResTable_staged_alias_header>(); if (!lib_alias) { + LOG(ERROR) << "RES_TABLE_STAGED_ALIAS_TYPE is too small."; + return {}; + } + if ((child_chunk.data_size() / sizeof(ResTable_staged_alias_entry)) + < dtohl(lib_alias->count)) { + LOG(ERROR) << "RES_TABLE_STAGED_ALIAS_TYPE is too small to hold entries."; return {}; } const auto entry_begin = child_chunk.data_ptr().convert<ResTable_staged_alias_entry>(); |