author | Yabin Cui <yabinc@google.com> | 2022-12-12 15:40:29 -0800 |
---|---|---|
committer | Yabin Cui <yabinc@google.com> | 2022-12-12 15:40:29 -0800 |
commit | 5bb381e3adb820fb0a04699c995fae11bb9b65ba (patch) | |
tree | e9e44146a797e0012edfbbdca6689b3fea7cac1d | |
parent | 95f0a957e79e87704ef893e5a7846d844d88c98d (diff) | |
simpleperf: fix ReadFileV2Feature for fuzzer.
Bug: 258284399
Test: run simpleperf_unit_test
Change-Id: I45c25441ee7c16dc0784c08782f98875abc54e91
-rw-r--r-- | simpleperf/record_file_reader.cpp | 33 |
1 files changed, 21 insertions, 12 deletions
diff --git a/simpleperf/record_file_reader.cpp b/simpleperf/record_file_reader.cpp
index c70c0dcb..8229907b 100644
--- a/simpleperf/record_file_reader.cpp
+++ b/simpleperf/record_file_reader.cpp
@@ -538,17 +538,16 @@ std::vector<uint64_t> RecordFileReader::ReadAuxTraceFeature() {
 
 bool RecordFileReader::ReadFileFeature(size_t& read_pos, FileFeature* file) {
 file->Clear();
+ bool result = false;
 if (HasFeature(FEAT_FILE)) {
- if (!ReadFileV1Feature(read_pos, file)) {
- LOG(ERROR) << "failed to read file feature section";
- return false;
- }
- return true;
+ result = ReadFileV1Feature(read_pos, file);
+ } else if (HasFeature(FEAT_FILE2)) {
+ result = ReadFileV2Feature(read_pos, file);
 }
- if (HasFeature(FEAT_FILE2)) {
- return ReadFileV2Feature(read_pos, file);
+ if (!result) {
+ LOG(ERROR) << "failed to read file feature section";
 }
- return false;
+ return result;
 }
 
 bool RecordFileReader::ReadFileV1Feature(size_t& read_pos, FileFeature* file) {
@@ -634,11 +633,15 @@ bool RecordFileReader::ReadFileV2Feature(size_t& read_pos, FileFeature* file) {
 if (!Read(&size, 4)) {
 return false;
 }
- read_pos += 4 + size;
+ read_pos += 4;
+ if (read_pos > it->second.size || size > it->second.size - read_pos) {
+ return false;
+ }
 std::string s(size, '\0');
 if (!Read(s.data(), size)) {
 return false;
 }
+ read_pos += size;
 proto::FileFeature proto_file;
 if (!proto_file.ParseFromString(s)) {
 return false;
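Review bot: The `LOG(ERROR) << "failed to read file feature section"` line in ReadFileFeature now fires on every false return, including the case where neither FEAT_FILE nor FEAT_FILE2 is present, which the old code returned silently. If callers loop on this function until it returns false (not visible in the hunk), a well-formed file may also log an error at the normal end of the section, and that noise makes a genuinely truncated or corrupt file harder to spot. The return value cannot tell "no more entries" from "malformed entry"; at minimum the contract deserves a comment above the function such as `// Returns false both at end of section and on malformed data; callers cannot distinguish the two.`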
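Review bot: The new bound on `size` in ReadFileV2Feature is only as trustworthy as `it->second.size`, which is declared outside this hunk and presumably comes from the section descriptor stored in the file. If that descriptor is not checked against the real file length elsewhere, `std::string s(size, '\0')` can still allocate close to 4 GiB for a crafted file before `Read` fails. A comment on the check would record the invariant, e.g. `// size comes from untrusted input; bound it by the bytes left in this feature section.` The diffstat shows only this file changed, so a unit test feeding an oversized and a truncated entry would keep the fix from regressing.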
@@ -652,15 +655,21 @@ bool RecordFileReader::ReadFileV2Feature(size_t& read_pos, FileFeature* file) {
 file->symbols.emplace_back(proto_symbol.name(), proto_symbol.vaddr(), proto_symbol.len());
 }
 if (file->type == DSO_DEX_FILE) {
- CHECK(proto_file.has_dex_file());
+ if (!proto_file.has_dex_file()) {
+ return false;
+ }
 const auto& dex_file_offsets = proto_file.dex_file().dex_file_offset();
 file->dex_file_offsets.insert(file->dex_file_offsets.end(), dex_file_offsets.begin(),
 dex_file_offsets.end());
 } else if (file->type == DSO_ELF_FILE) {
- CHECK(proto_file.has_elf_file());
+ if (!proto_file.has_elf_file()) {
+ return false;
+ }
 file->file_offset_of_min_vaddr = proto_file.elf_file().file_offset_of_min_vaddr();
 } else if (file->type == DSO_KERNEL_MODULE) {
- CHECK(proto_file.has_kernel_module());
+ if (!proto_file.has_kernel_module()) {
+ return false;
+ }
 file->file_offset_of_min_vaddr = proto_file.kernel_module().memory_offset_of_min_vaddr();
 }
 return true; |
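Review bot: The three new `return false` paths leave `file` half-populated, because the symbols appended by the `emplace_back` loop at the top of the hunk are already stored when `has_dex_file()`, `has_elf_file()` or `has_kernel_module()` fails. ReadFileFeature clears `file` only at the start of the next call, so a caller that inspects `file` after a failure sees data from a rejected entry. Either run the three presence checks before filling `file`, or reset it on the way out with `file->Clear(); return false;`. A `file->type` that matches none of the three branches still reaches `return true`; whether the type value is validated cannot be seen here, since the function body starts above the hunk.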