diff options
author | Jinguang Dong <dongjinguang@huawei.com> | 2017-04-05 22:36:55 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-04-05 22:36:55 +0000 |
commit | c6f1cf901e3137da8c2d85132dd6122a514264c1 (patch) | |
tree | 1180eb05576910c90445aea4b099bf3ed404414e | |
parent | f73a010f4f2c6f2b7888e0f6501d2a5044154337 (diff) | |
parent | 4a2de986dfaff72bca01ab206f1a1a2afc1278b2 (diff) | |
download | gatekeeper-c6f1cf901e3137da8c2d85132dd6122a514264c1.tar.gz |
Fix a not properly handled pointer comparison that caused UB am: 7f5c6593f2 am: 6ae350fa22 am: f42b1b66ca
am: 4a2de986df
Change-Id: Ieb1df247934f1fda866420beab85c9dc3475c6a7
-rw-r--r-- | gatekeeper_messages.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/gatekeeper_messages.cpp b/gatekeeper_messages.cpp index fc76d5e..41972bb 100644 --- a/gatekeeper_messages.cpp +++ b/gatekeeper_messages.cpp @@ -52,8 +52,8 @@ static inline gatekeeper_error_t read_from_buffer(const uint8_t **buffer, const memcpy(&target->length, *buffer, sizeof(target->length)); *buffer += sizeof(target->length); if (target->length != 0) { - const uint8_t *buffer_end = *buffer + target->length; - if (buffer_end > end || buffer_end <= *buffer) return ERROR_INVALID; + const size_t buffer_size = end - *buffer; + if (buffer_size < target->length) return ERROR_INVALID; target->buffer.reset(new uint8_t[target->length]); memcpy(target->buffer.get(), *buffer, target->length); |