diff options
author | MarijnS95 <marijns95@gmail.com> | 2019-09-09 15:50:43 +0200 |
---|---|---|
committer | Tianjie Xu <xunchang@google.com> | 2019-09-09 18:18:39 +0000 |
commit | 7920e30eee4c34c571c0260b211fa156de2b3f45 (patch) | |
tree | 03f0467ca07b87dbbcd31416033e67c3a5b1382d /verity | |
parent | 96974c3401ce8815ff033e77987a711a2e3c5d48 (diff) | |
download | extras-7920e30eee4c34c571c0260b211fa156de2b3f45.tar.gz |
verity: Do not increment data when it is nullptr.
Address a segfault introduced in
d6dc877032c65768b3c6737156d3142f32cc9984
As soon as leftover_ becomes non-empty, the data pointer is incremented
and will now be an invalid pointer in case it was null previously.
The subsequent check in HashBlocks() will now encounter a non-null data
ptr and pass it to HashBlock(), triggering a segfault.
Test: Manually build and boot an image on which this crashed before.
Test: build_verity_tree_test
Change-Id: I324ff6103c9d35fb290c4e96fb5009ee365a0249
Signed-off-by: MarijnS95 <marijns95@gmail.com>
(cherry picked from commit c82514bd034f214b16d273b10c676dd63a9e603b)
Diffstat (limited to 'verity')
-rw-r--r-- | verity/hash_tree_builder.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/verity/hash_tree_builder.cpp b/verity/hash_tree_builder.cpp index 197c38e5..d061ca5c 100644 --- a/verity/hash_tree_builder.cpp +++ b/verity/hash_tree_builder.cpp @@ -197,7 +197,9 @@ bool HashTreeBuilder::Update(const unsigned char* data, size_t len) { return false; } leftover_.clear(); - data += append_len; + if (data != nullptr) { + data += append_len; + } len -= append_len; } if (len % block_size_ != 0) { |