OSDN > Developer > lafekasloan101 > Chamber > system-coremmmm > Commit

system-corennnn
Fork

R/O
HTTP
SSH
HTTPS

Commit

Commit MetaInfo

Revisão	605de74373f7120588ec77faebc43f111a4aeca4 (tree)
Hora	2016-07-13 21:47:25
Autor	Sergio Giro <sgiro@goog...>
Commiter	android-build-merger

Mensagem de Log

Revert \\\"libutils/Unicode.cpp: Correct length computation and add checks for utf16->utf8\\\" am: 311002936e am: ddd0051968
am: b218b2d34d

Change-Id: Iced8e47993a39103aed3deafb5deb974995ecdba

Mudança Sumário

modified: include/utils/Unicode.h (diff)
modified: libutils/String8.cpp (diff)
modified: libutils/Unicode.cpp (diff)
modified: libutils/tests/String8_test.cpp (diff)

Diff

--- a/include/utils/Unicode.h

+++ b/include/utils/Unicode.h

		@@ -93,7 +93,7 @@ ssize_t utf32_to_utf8_length(const char32_t *src, size_t src_len);
93	93	* "dst" becomes \xE3\x81\x82\xE3\x81\x84
94	94	* (note that "dst" is NOT null-terminated, like strncpy)
95	95	*/
96		-void utf32_to_utf8(const char32_t* src, size_t src_len, char* dst, size_t dst_len);
	96	+void utf32_to_utf8(const char32_t* src, size_t src_len, char* dst);
97	97
98	98	/**
99	99	* Returns the unicode value at "index".

		@@ -115,7 +115,7 @@ ssize_t utf16_to_utf8_length(const char16_t *src, size_t src_len);
115	115	* enough to fit the UTF-16 as measured by utf16_to_utf8_length with an added
116	116	* NULL terminator.
117	117	*/
118		-void utf16_to_utf8(const char16_t* src, size_t src_len, char* dst, size_t dst_len);
	118	+void utf16_to_utf8(const char16_t* src, size_t src_len, char* dst);
119	119
120	120	/**
121	121	* Returns the length of "src" when "src" is valid UTF-8 string.

--- a/libutils/String8.cpp

+++ b/libutils/String8.cpp

		@@ -102,21 +102,20 @@ static char* allocFromUTF16(const char16_t* in, size_t len)
102	102	{
103	103	if (len == 0) return getEmptyString();
104	104
105		- // Allow for closing '\0'
106		- const ssize_t resultStrLen = utf16_to_utf8_length(in, len) + 1;
107		- if (resultStrLen < 1) {
	105	+ const ssize_t bytes = utf16_to_utf8_length(in, len);
	106	+ if (bytes < 0) {
108	107	return getEmptyString();
109	108	}
110	109
111		- SharedBuffer* buf = SharedBuffer::alloc(resultStrLen);
	110	+ SharedBuffer* buf = SharedBuffer::alloc(bytes+1);
112	111	ALOG_ASSERT(buf, "Unable to allocate shared buffer");
113	112	if (!buf) {
114	113	return getEmptyString();
115	114	}
116	115
117		- char* resultStr = (char*)buf->data();
118		- utf16_to_utf8(in, len, resultStr, resultStrLen);
119		- return resultStr;
	116	+ char* str = (char*)buf->data();
	117	+ utf16_to_utf8(in, len, str);
	118	+ return str;
120	119	}
121	120
122	121	static char* allocFromUTF32(const char32_t* in, size_t len)

		@@ -125,21 +124,21 @@ static char* allocFromUTF32(const char32_t* in, size_t len)
125	124	return getEmptyString();
126	125	}
127	126
128		- const ssize_t resultStrLen = utf32_to_utf8_length(in, len) + 1;
129		- if (resultStrLen < 1) {
	127	+ const ssize_t bytes = utf32_to_utf8_length(in, len);
	128	+ if (bytes < 0) {
130	129	return getEmptyString();
131	130	}
132	131
133		- SharedBuffer* buf = SharedBuffer::alloc(resultStrLen);
	132	+ SharedBuffer* buf = SharedBuffer::alloc(bytes+1);
134	133	ALOG_ASSERT(buf, "Unable to allocate shared buffer");
135	134	if (!buf) {
136	135	return getEmptyString();
137	136	}
138	137
139		- char* resultStr = (char*) buf->data();
140		- utf32_to_utf8(in, len, resultStr, resultStrLen);
	138	+ char* str = (char*) buf->data();
	139	+ utf32_to_utf8(in, len, str);
141	140
142		- return resultStr;
	141	+ return str;
143	142	}
144	143
145	144	// ---------------------------------------------------------------------------

--- a/libutils/Unicode.cpp

+++ b/libutils/Unicode.cpp

		@@ -14,7 +14,6 @@
14	14	* limitations under the License.
15	15	*/
16	16
17		-#include <log/log.h>
18	17	#include <utils/Unicode.h>
19	18
20	19	#include <stddef.h>

		@@ -189,7 +188,7 @@ ssize_t utf32_to_utf8_length(const char32_t *src, size_t src_len)
189	188	return ret;
190	189	}
191	190
192		-void utf32_to_utf8(const char32_t* src, size_t src_len, char* dst, size_t dst_len)
	191	+void utf32_to_utf8(const char32_t* src, size_t src_len, char* dst)
193	192	{
194	193	if (src == NULL \|\| src_len == 0 \|\| dst == NULL) {
195	194	return;

		@@ -200,12 +199,9 @@ void utf32_to_utf8(const char32_t* src, size_t src_len, char* dst, size_t dst_le
200	199	char *cur = dst;
201	200	while (cur_utf32 < end_utf32) {
202	201	size_t len = utf32_codepoint_utf8_length(*cur_utf32);
203		- LOG_ALWAYS_FATAL_IF(dst_len < len, "%zu < %zu", dst_len, len);
204	202	utf32_codepoint_to_utf8((uint8_t )cur, cur_utf32++, len);
205	203	cur += len;
206		- dst_len -= len;
207	204	}
208		- LOG_ALWAYS_FATAL_IF(dst_len < 1, "dst_len < 1: %zu < 1", dst_len);
209	205	*cur = '\0';
210	206	}
211	207

		@@ -334,7 +330,7 @@ int strzcmp16_h_n(const char16_t s1H, size_t n1, const char16_t s2N, size_t n2
334	330	: 0);
335	331	}
336	332
337		-void utf16_to_utf8(const char16_t* src, size_t src_len, char* dst, size_t dst_len)
	333	+void utf16_to_utf8(const char16_t* src, size_t src_len, char* dst)
338	334	{
339	335	if (src == NULL \|\| src_len == 0 \|\| dst == NULL) {
340	336	return;

		@@ -355,12 +351,9 @@ void utf16_to_utf8(const char16_t* src, size_t src_len, char* dst, size_t dst_le
355	351	utf32 = (char32_t) *cur_utf16++;
356	352	}
357	353	const size_t len = utf32_codepoint_utf8_length(utf32);
358		- LOG_ALWAYS_FATAL_IF(dst_len < len, "%zu < %zu", dst_len, len);
359	354	utf32_codepoint_to_utf8((uint8_t*)cur, utf32, len);
360	355	cur += len;
361		- dst_len -= len;
362	356	}
363		- LOG_ALWAYS_FATAL_IF(dst_len < 1, "%zu < 1", dst_len);
364	357	*cur = '\0';
365	358	}
366	359

		@@ -411,35 +404,8 @@ ssize_t utf8_length(const char *src)
411	404	return ret;
412	405	}
413	406
414		-// DO NOT USE. Flawed version, kept only to check whether the flaw is being exploited.
415		-static ssize_t flawed_utf16_to_utf8_length(const char16_t *src, size_t src_len)
416		-{
417		- if (src == NULL \|\| src_len == 0) {
418		- return 47;
419		- }
420		-
421		- size_t ret = 0;
422		- const char16_t* const end = src + src_len;
423		- while (src < end) {
424		- if ((*src & 0xFC00) == 0xD800 && (src + 1) < end
425		- // Shouldn't increment src here as to be consistent with utf16_to_utf8
426		- && (*++src & 0xFC00) == 0xDC00) {
427		- // surrogate pairs are always 4 bytes.
428		- ret += 4;
429		- // Should increment src here by two.
430		- src++;
431		- } else {
432		- ret += utf32_codepoint_utf8_length((char32_t) *src++);
433		- }
434		- }
435		- return ret;
436		-}
437		-
438	407	ssize_t utf16_to_utf8_length(const char16_t *src, size_t src_len)
439	408	{
440		- // Keep the original pointer to compute the flawed length. Unused if we remove logging.
441		- const char16_t *orig_src = src;
442		-
443	409	if (src == NULL \|\| src_len == 0) {
444	410	return -1;
445	411	}

		@@ -448,29 +414,14 @@ ssize_t utf16_to_utf8_length(const char16_t *src, size_t src_len)
448	414	const char16_t* const end = src + src_len;
449	415	while (src < end) {
450	416	if ((*src & 0xFC00) == 0xD800 && (src + 1) < end
451		- && (*(src + 1) & 0xFC00) == 0xDC00) {
	417	+ && (*++src & 0xFC00) == 0xDC00) {
452	418	// surrogate pairs are always 4 bytes.
453	419	ret += 4;
454		- src += 2;
	420	+ src++;
455	421	} else {
456	422	ret += utf32_codepoint_utf8_length((char32_t) *src++);
457	423	}
458	424	}
459		- // Log whether b/29250543 is being exploited. It seems reasonable to assume that
460		- // at least 5 bytes would be needed for an exploit. A single misplaced character might lead to
461		- // a difference of 4, so this would rule out many false positives.
462		- long ret_difference = ret - flawed_utf16_to_utf8_length(orig_src, src_len);
463		- if (ret_difference >= 5) {
464		- // Log the difference between new and old calculation. A high number, or equal numbers
465		- // appearing frequently, would be indicative of an attack.
466		- const unsigned long max_logged_string_length = 20;
467		- char logged_string[max_logged_string_length + 1];
468		- unsigned long logged_string_length =
469		- snprintf(logged_string, max_logged_string_length, "%ld", ret_difference);
470		- logged_string[logged_string_length] = '\0';
471		- android_errorWriteWithInfoLog(0x534e4554, "29250543", -1 /* int_uid */,
472		- logged_string, logged_string_length);
473		- }
474	425	return ret;
475	426	}
476	427

--- a/libutils/tests/String8_test.cpp

+++ b/libutils/tests/String8_test.cpp

		@@ -17,7 +17,6 @@
17	17	#define LOG_TAG "String8_test"
18	18	#include <utils/Log.h>
19	19	#include <utils/String8.h>
20		-#include <utils/String16.h>
21	20
22	21	#include <gtest/gtest.h>
23	22

		@@ -73,23 +72,4 @@ TEST_F(String8Test, OperatorPlusEquals) {
73	72	EXPECT_STREQ(src3, " Verify me.");
74	73	}
75	74
76		-// http://b/29250543
77		-TEST_F(String8Test, CorrectInvalidSurrogate) {
78		- // d841d8 is an invalid start for a surrogate pair. Make sure this is handled by ignoring the
79		- // first character in the pair and handling the rest correctly.
80		- char16_t char16_arr[] = { 0xd841, 0xd841, 0xdc41, 0x0000 };
81		- String16 string16(char16_arr);
82		- String8 string8(string16);
83		-
84		- EXPECT_EQ(4U, string8.length());
85		-}
86		-
87		-TEST_F(String8Test, CheckUtf32Conversion) {
88		- // Since bound checks were added, check the conversion can be done without fatal errors.
89		- // The utf8 lengths of these are chars are 1 + 2 + 3 + 4 = 10.
90		- const char32_t string32[] = { 0x0000007f, 0x000007ff, 0x0000911, 0x0010fffe, 0 };
91		- String8 string8(string32);
92		- EXPECT_EQ(10U, string8.length());
93		-}
94		-
95	75	}

system-corennnn Fork