
system/corennnnn


Commit MetaInfo

Revision: 420d162484acf9c30693a651702eee5864cf14a1 (tree)
Time: 2016-12-13 04:57:28
Author: Tianjie Xu <xunchang@goog...>
Committer: Jessica Wagantall

Log Message

Fix out of bound access in libziparchive

The boundary check of an invalid EOCD record may succeed due to the
overflow of uint32_t. Fix the check.

Test: Open the crash.apk and libziparchive reports the offset error as expected.

CYNGNOS-3312
Bug: 31251826
Change-Id: I1d8092a19b73886a671bc9d291cfc27d65e3d236
(cherry picked from commit ae8180c06dee228cd1378c56afa6020ae98d8a24)
(cherry picked from commit 1ee4892e66ba314131b7ecf17e98bb1762c4b84c)
(cherry picked from commit 7f246f7fdd2f003c6f3701f599052a2040af6bfb)

Change Summary

Diff

--- a/libziparchive/zip_archive.cc
+++ b/libziparchive/zip_archive.cc
@@ -463,9 +463,14 @@ static int32_t MapCentralDirectory0(int fd, const char* debug_file_name,
463463 * Grab the CD offset and size, and the number of entries in the
464464 * archive and verify that they look reasonable.
465465 */
466- if (eocd->cd_start_offset + eocd->cd_size > eocd_offset) {
466+ if (static_cast<off64_t>(eocd->cd_start_offset) + eocd->cd_size > eocd_offset) {
467467 ALOGW("Zip: bad offsets (dir %" PRIu32 ", size %" PRIu32 ", eocd %" PRId64 ")",
468468 eocd->cd_start_offset, eocd->cd_size, static_cast<int64_t>(eocd_offset));
469+#if defined(__ANDROID__)
470+ if (eocd->cd_start_offset + eocd->cd_size <= eocd_offset) {
471+ android_errorWriteLog(0x534e4554, "31251826");
472+ }
473+#endif
469474 return kInvalidOffset;
470475 }
471476 if (eocd->num_records == 0) {
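Review bot: The logging condition inside the `#if defined(__ANDROID__)` block, `eocd->cd_start_offset + eocd->cd_size <= eocd_offset`, repeats the old 32-bit sum on purpose so that it is true only when the addition wrapped, but nothing in the code says so, and a later cleanup could easily apply the same `static_cast<off64_t>` there and silence the log. Add a comment stating that the uint32_t wraparound is intentional at that line, or compute the widened sum once into a named local and log when the 32-bit sum differs from it. The literal `0x534e4554` passed to `android_errorWriteLog` is also unexplained in this hunk; a named constant or a short comment next to the bug number would make its purpose clear.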