authorJP Sugarbroad <jpsugar@google.com>2017-03-22 20:27:29 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2017-03-22 20:27:34 +0000
commit52a443f82177221cce02377aa166359d00d0cfab (patch)
tree6bdff3b181a8ac12edfca042c122e53cca2abf14
parentde607e532e13710ef8b6db42c41111e7d873a4f4 (diff)
parent4996a4b3786d2d8b5f0a726b4ef816d23c4a150b (diff)
downloadbase-52a443f82177221cce02377aa166359d00d0cfab.tar.gz
Merge "DO NOT MERGE [DO NOT MERGE] Throw exception if slot has invalid offset" into security-aosp-mnc-mr1-release
-rw-r--r--core/jni/android_database_CursorWindow.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/core/jni/android_database_CursorWindow.cpp b/core/jni/android_database_CursorWindow.cpp
index 580ac02789c5..a86e57dc024c 100644
--- a/core/jni/android_database_CursorWindow.cpp
+++ b/core/jni/android_database_CursorWindow.cpp
@@ -182,6 +182,10 @@ static jbyteArray nativeGetBlob(JNIEnv* env, jclass clazz, jlong windowPtr,
if (type == CursorWindow::FIELD_TYPE_BLOB || type == CursorWindow::FIELD_TYPE_STRING) {
size_t size;
const void* value = window->getFieldSlotValueBlob(fieldSlot, &size);
+ if (!value) {
+ throw_sqlite3_exception(env, "Native could not read blob slot");
+ return NULL;
+ }
jbyteArray byteArray = env->NewByteArray(size);
if (!byteArray) {
env->ExceptionClear();
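Review bot: The added null check validates the pointer but not `size`, which is then passed as a `size_t` to `env->NewByteArray`, whose length parameter is a signed 32-bit `jsize`. Whether `getFieldSlotValueBlob` bounds `size` against the window is not visible in this hunk; if it does not, a corrupted slot could still narrow to a negative or truncated length here. Consider widening the guard to `if (!value || size > static_cast<size_t>(INT32_MAX)) {` and adding a comment above it such as `// null: the slot's offset/size did not resolve inside the window; window contents are untrusted`. nativeGetBlob starts before and continues past this hunk.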
@@ -217,6 +221,10 @@ static jstring nativeGetString(JNIEnv* env, jclass clazz, jlong windowPtr,
if (type == CursorWindow::FIELD_TYPE_STRING) {
size_t sizeIncludingNull;
const char* value = window->getFieldSlotValueString(fieldSlot, &sizeIncludingNull);
+ if (!value) {
+ throw_sqlite3_exception(env, "Native could not read string slot");
+ return NULL;
+ }
if (sizeIncludingNull <= 1) {
return gEmptyString;
}
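Review bot: Only the accessor calls in nativeGetBlob and nativeGetString gain a null check (the diffstat shows 8 insertions in one file), so any other caller of `getFieldSlotValueString` or `getFieldSlotValueBlob` in this file would presumably still use a null result unchecked; those callers are outside this diff and should be audited before the fix is treated as complete. Separately, the message `"Native could not read string slot"` carries no row or column, which makes a corrupted window hard to trace from an exception report; if the row and column parameters are in scope (the signature is cut off in the hunk header), include them in the message. nativeGetString's body continues outside the hunk.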