diff options
| author | Steven Moreland <smoreland@google.com> | 2018-03-01 11:03:04 -0800 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2018-09-14 20:49:24 +0000 |
| commit | 2a458e19fdbcfd71d6a3bd21a4e30d3518f20dde (patch) | |
| tree | dcc87e2ba2931fb297a562178112654e5eb1a110 | |
| parent | 90bdf388e9bab3ebd02527e5b26fad16261b2fec (diff) | |
| download | core-2a458e19fdbcfd71d6a3bd21a4e30d3518f20dde.tar.gz | |
String16: remove integer overflows
Bug: 73826242
Test: manual
Change-Id: I32e13d61b944c1a527cf2d95473552d246e322be
Merged-In: I32e13d61b944c1a527cf2d95473552d246e322be
(cherry picked from commit d0648d8dc61fe9ac39d2cd150a332b385a334bdc)
| -rw-r--r-- | libutils/String16.cpp | 66 |
1 files changed, 36 insertions, 30 deletions
diff --git a/libutils/String16.cpp b/libutils/String16.cpp index 65396caca..80018897e 100644 --- a/libutils/String16.cpp +++ b/libutils/String16.cpp @@ -84,6 +84,23 @@ static char16_t* allocFromUTF8(const char* u8str, size_t u8len) return getEmptyString(); } +static char16_t* allocFromUTF16(const char16_t* u16str, size_t u16len) { + if (u16len >= SIZE_MAX / sizeof(char16_t)) { + android_errorWriteLog(0x534e4554, "73826242"); + abort(); + } + + SharedBuffer* buf = SharedBuffer::alloc((u16len + 1) * sizeof(char16_t)); + ALOG_ASSERT(buf, "Unable to allocate shared buffer"); + if (buf) { + char16_t* str = (char16_t*)buf->data(); + memcpy(str, u16str, u16len * sizeof(char16_t)); + str[u16len] = 0; + return str; + } + return getEmptyString(); +} + // --------------------------------------------------------------------------- String16::String16() @@ -116,35 +133,9 @@ String16::String16(const String16& o, size_t len, size_t begin) setTo(o, len, begin); } -String16::String16(const char16_t* o) -{ - size_t len = strlen16(o); - SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t)); - ALOG_ASSERT(buf, "Unable to allocate shared buffer"); - if (buf) { - char16_t* str = (char16_t*)buf->data(); - strcpy16(str, o); - mString = str; - return; - } - - mString = getEmptyString(); -} +String16::String16(const char16_t* o) : mString(allocFromUTF16(o, strlen16(o))) {} -String16::String16(const char16_t* o, size_t len) -{ - SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t)); - ALOG_ASSERT(buf, "Unable to allocate shared buffer"); - if (buf) { - char16_t* str = (char16_t*)buf->data(); - memcpy(str, o, len*sizeof(char16_t)); - str[len] = 0; - mString = str; - return; - } - - mString = getEmptyString(); -} +String16::String16(const char16_t* o, size_t len) : mString(allocFromUTF16(o, len)) {} String16::String16(const String8& o) : mString(allocFromUTF8(o.string(), o.size())) @@ -206,6 +197,11 @@ status_t String16::setTo(const char16_t* other) status_t String16::setTo(const char16_t* other, size_t len) { + if (len >= SIZE_MAX / sizeof(char16_t)) { + android_errorWriteLog(0x534e4554, "73826242"); + abort(); + } + SharedBuffer* buf = SharedBuffer::bufferFromData(mString) ->editResize((len+1)*sizeof(char16_t)); if (buf) { @@ -228,7 +224,12 @@ status_t String16::append(const String16& other) } else if (otherLen == 0) { return NO_ERROR; } - + + if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) { + android_errorWriteLog(0x534e4554, "73826242"); + abort(); + } + SharedBuffer* buf = SharedBuffer::bufferFromData(mString) ->editResize((myLen+otherLen+1)*sizeof(char16_t)); if (buf) { @@ -249,7 +250,12 @@ status_t String16::append(const char16_t* chrs, size_t otherLen) } else if (otherLen == 0) { return NO_ERROR; } - + + if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) { + android_errorWriteLog(0x534e4554, "73826242"); + abort(); + } + SharedBuffer* buf = SharedBuffer::bufferFromData(mString) ->editResize((myLen+otherLen+1)*sizeof(char16_t)); if (buf) { |