diff options
author | Yifan Hong <elsk@google.com> | 2018-05-15 11:34:44 -0700 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2018-05-15 11:34:44 -0700 |
commit | ea2b692d59dc0e26b8b6fb09385eb6aa66a1a540 (patch) | |
tree | 32390cde5bb67c00cd7f6011720b22327fb703f7 /libhidlmemory | |
parent | 7637124c991c36700956159e57f11c755f94f60a (diff) | |
parent | 694bd8d1b43b9e60623cb3d5bd3f21662680dd7c (diff) | |
download | libhidl-ea2b692d59dc0e26b8b6fb09385eb6aa66a1a540.tar.gz |
mapMemory: Do not map if size is > SIZE_MAX
am: 694bd8d1b4
Change-Id: I7f8e06ef62c225b5a442e2a2c1810a27185e16bd
Diffstat (limited to 'libhidlmemory')
-rw-r--r-- | libhidlmemory/mapping.cpp | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/libhidlmemory/mapping.cpp b/libhidlmemory/mapping.cpp index 3cb6485..8f0bcf4 100644 --- a/libhidlmemory/mapping.cpp +++ b/libhidlmemory/mapping.cpp @@ -24,6 +24,7 @@ #include <android-base/logging.h> #include <android/hidl/memory/1.0/IMapper.h> #include <hidl/HidlSupport.h> +#include <log/log.h> using android::sp; using android::hidl::memory::V1_0::IMemory; @@ -63,6 +64,15 @@ sp<IMemory> mapMemory(const hidl_memory& memory) { return nullptr; } + // hidl_memory's size is stored in uint64_t, but mapMemory's mmap will map + // size in size_t. If size is over SIZE_MAX, mapMemory could succeed + // but the mapped memory's actual size will be smaller than the reported size. + if (memory.size() > SIZE_MAX) { + LOG(ERROR) << "Cannot map " << memory.size() << " bytes of memory because it is too large."; + android_errorWriteLog(0x534e4554, "79376389"); + return nullptr; + } + Return<sp<IMemory>> ret = mapper->mapMemory(memory); if (!ret.isOk()) { |