DO NOT MERGE: Initialize the ZipArchive to zero before parsing
The fields of the ZipArchive on the stack are not initialized before we call libminzip to parse the zip file. As a result, some random memory location is freed unintentionally when we close the ZipArchive upon parsing failures. Bug: 35385357 Test: recompile and run the poc with asan. Change-Id: I7e7f8ab4816c84a158af7389e1a889f8fc65f079
+1
-1
@@ -489,7 +489,7 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount,
|
||||
}
|
||||
|
||||
// Try to open the package.
|
||||
ZipArchive zip;
|
||||
ZipArchive zip = {};
|
||||
int err = mzOpenZipArchive(map.addr, map.length, &zip);
|
||||
if (err != 0) {
|
||||
LOGE("Can't open %s\n(%s)\n", path, err != -1 ? strerror(err) : "bad");
|
||||
|
||||
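Review bot: Zero-initializing `zip` at the call site fixes this caller, but the requirement that mzOpenZipArchive receives a zeroed ZipArchive stays an unwritten contract. Going by the commit description, any other caller that passes an uninitialized struct would still reach the same invalid free when parsing fails. The same applies to `za` in the main() hunk. mzOpenZipArchive is not visible here, so this is a suggestion to verify: clear the struct as its first statement, e.g. `memset(archive, 0, sizeof(*archive));` (parameter name is a placeholder), so that the failure-path close only ever sees null fields regardless of the caller. really_install_package starts and ends outside this hunk.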
+1
-1
@@ -77,7 +77,7 @@ int main(int argc, char** argv) {
|
||||
printf("failed to map package %s\n", argv[3]);
|
||||
return 3;
|
||||
}
|
||||
ZipArchive za;
|
||||
ZipArchive za = {};
|
||||
int err;
|
||||
err = mzOpenZipArchive(map.addr, map.length, &za);
|
||||
if (err != 0) {
|
||||
|
||||
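Review bot: The `= {}` on `ZipArchive za` is load-bearing for memory safety, but nothing at the declaration says so, and a later cleanup could drop it as a redundant initializer. A one-line comment above it would preserve the intent, for example `// Must be zeroed: a failed mzOpenZipArchive() closes the archive and frees its fields.`, which is taken from the commit description rather than from code visible here. The same comment fits the `zip` declaration in really_install_package. main() continues outside this hunk.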