PawletOS/android_bootable_recovery
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Integer overflow observed while formatting volume"

Browse Source 
am: 846f307c6f

Change-Id: I078b9079eb8f120780df2d38dabb663cef7a306b
This commit is contained in:
Abhishek Arpure
2017-09-29 05:32:43 +00:00
committed by android-build-merger
parent fdbe272dc0 846f307c6f
commit 4a20e8b68f
1 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
roots.cpp
+12 -5
View File
@@ -18,6 +18,7 @@
#include <ctype.h> #include <ctype.h>
#include <fcntl.h> #include <fcntl.h>
#include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include <sys/mount.h> #include <sys/mount.h>
#include <sys/stat.h> #include <sys/stat.h>
@@ -197,16 +198,22 @@ static int exec_cmd(const std::vector<std::string>& args) {
return WEXITSTATUS(status); return WEXITSTATUS(status);
} }
static ssize_t get_file_size(int fd, uint64_t reserve_len) { static int64_t get_file_size(int fd, uint64_t reserve_len) {
struct stat buf; struct stat buf;
int ret = fstat(fd, &buf); int ret = fstat(fd, &buf);
if (ret) return 0; if (ret) return 0;
ssize_t computed_size; int64_t computed_size;
if (S_ISREG(buf.st_mode)) { if (S_ISREG(buf.st_mode)) {
computed_size = buf.st_size - reserve_len; computed_size = buf.st_size - reserve_len;
} else if (S_ISBLK(buf.st_mode)) { } else if (S_ISBLK(buf.st_mode)) {
computed_size = get_block_device_size(fd) - reserve_len; uint64_t block_device_size = get_block_device_size(fd);
if (block_device_size < reserve_len ||
block_device_size > std::numeric_limits<int64_t>::max()) {
computed_size = 0;
} else {
computed_size = block_device_size - reserve_len;
}
} else { } else {
computed_size = 0; computed_size = 0;
} }
@@ -250,13 +257,13 @@ int format_volume(const char* volume, const char* directory) {
close(fd); close(fd);
} }
ssize_t length = 0; int64_t length = 0;
if (v->length != 0) { if (v->length != 0) {
length = v->length; length = v->length;
} else if (v->key_loc != nullptr && strcmp(v->key_loc, "footer") == 0) { } else if (v->key_loc != nullptr && strcmp(v->key_loc, "footer") == 0) {
android::base::unique_fd fd(open(v->blk_device, O_RDONLY)); android::base::unique_fd fd(open(v->blk_device, O_RDONLY));
if (fd == -1) { if (fd == -1) {
PLOG(ERROR) << "get_file_size: failed to open " << v->blk_device; PLOG(ERROR) << "format_volume: failed to open " << v->blk_device;
return -1; return -1;
} }
length = get_file_size(fd.get(), CRYPT_FOOTER_OFFSET); length = get_file_size(fd.get(), CRYPT_FOOTER_OFFSET);