mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-20 21:34:24 -05:00
30 lines
1.1 KiB
Diff
30 lines
1.1 KiB
Diff
|
From 2f6bf894b7c3462f0af6cebfb7b7400f820e4220 Mon Sep 17 00:00:00 2001
|
||
|
From: Steven Moreland <smoreland@google.com>
|
||
|
Date: Fri, 17 May 2019 13:11:30 -0700
|
||
|
Subject: [PATCH] readCString: no ubsan sub-overflow
|
||
|
|
||
|
Bug: 132650049
|
||
|
Test: fuzzer
|
||
|
Change-Id: I1f6dcad6906951ab505a7500573b74b210a68705
|
||
|
Merged-In: I1f6dcad6906951ab505a7500573b74b210a68705
|
||
|
(cherry picked from commit 1086548c6ceb141e2852d2690db8386911a014dd)
|
||
|
---
|
||
|
libs/binder/Parcel.cpp | 4 ++--
|
||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
|
||
|
index e369c444ba..2ca4170c7d 100644
|
||
|
--- a/libs/binder/Parcel.cpp
|
||
|
+++ b/libs/binder/Parcel.cpp
|
||
|
@@ -1136,8 +1136,8 @@ intptr_t Parcel::readIntPtr() const
|
||
|
|
||
|
const char* Parcel::readCString() const
|
||
|
{
|
||
|
- const size_t avail = mDataSize-mDataPos;
|
||
|
- if (avail > 0) {
|
||
|
+ if (mDataPos < mDataSize) {
|
||
|
+ const size_t avail = mDataSize-mDataPos;
|
||
|
const char* str = reinterpret_cast<const char*>(mData+mDataPos);
|
||
|
// is the string's trailing NUL within the parcel's valid bounds?
|
||
|
const char* eos = reinterpret_cast<const char*>(memchr(str, 0, avail));
|