author | Steven Moreland <smoreland@google.com> | 2017-10-24 18:12:34 -0700 |
---|---|---|
committer | Steven Moreland <smoreland@google.com> | 2017-10-24 18:14:31 -0700 |
commit | 98893802c24dc810b7952bec85a3c7017b26352b (patch) | |
tree | 4fdf7700e7cecbbb743d9e38645c10f9693abdff /base/HidlSupport.cpp | |
parent | 3f8c4164067e0239c7f1cdd020d397ce42a9e641 (diff) | |
download | libhidl-98893802c24dc810b7952bec85a3c7017b26352b.tar.gz |
Fix copyFrom overflow when arg is UINT32_MAX.
hidl_string's copyFrom method is actually allocating
size + 1 in order to allocate space for the extra '\0'.
This fixes the OBO in the check to avoid overflow.
Fixes: 68197287
Test: libhidl_Test
Change-Id: Ic455b9931d7068fb9d19775baba2f424a08182e3
Diffstat (limited to 'base/HidlSupport.cpp')
-rw-r--r-- | base/HidlSupport.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/base/HidlSupport.cpp b/base/HidlSupport.cpp index f857281..aec3fed 100644 --- a/base/HidlSupport.cpp +++ b/base/HidlSupport.cpp @@ -217,7 +217,7 @@ std::ostream& operator<<(std::ostream& os, const hidl_string& str) { void hidl_string::copyFrom(const char *data, size_t size) { // assume my resources are freed. - if (size > UINT32_MAX) { + if (size >= UINT32_MAX) { LOG(FATAL) << "string size can't exceed 2^32 bytes: " << size; } char *buf = (char *)malloc(size + 1); |
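Review bot: The LOG(FATAL) message under the changed check in hidl_string::copyFrom still says "string size can't exceed 2^32 bytes", which does not match the bound being enforced. With `size >= UINT32_MAX` the largest accepted size is UINT32_MAX - 1, chosen so that the `size + 1` passed to malloc still fits in 32 bits. Suggest rewording the message to state the real limit, and adding a one-line comment above the check explaining that the extra byte for the trailing '\0' is why the comparison is `>=` rather than `>`, so the off-by-one is not reintroduced by a later cleanup.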