OSDN > Developer > lafekasloan101 > Chamber > system-coremmmm > 提交

system-corennnn
Fork

Fork origin: android-x86 / system-core

R/O
HTTP
SSH
HTTPS

提交

标签

No Tags

system/corennnnn

Commit MetaInfo

修订版	c24dd976544cfd0eed88797d4b0195b9b5614b26 (tree)
时间	2016-10-07 09:04:29
作者	Tianjie Xu <xunchang@goog...>
Commiter	android-build-merger

Log Message

Fix out of bound access in libziparchive
am: 1ee4892e66

Change-Id: I26b48df5a9d39933b90ac063172b4b4ae8428bfd

更改概述

modified: libziparchive/zip_archive.cc (diff)

差异

--- a/libziparchive/zip_archive.cc

+++ b/libziparchive/zip_archive.cc

		@@ -501,9 +501,14 @@ static int32_t MapCentralDirectory0(int fd, const char* debug_file_name,
501	501	* Grab the CD offset and size, and the number of entries in the
502	502	* archive and verify that they look reasonable.
503	503	*/
504		- if (eocd->cd_start_offset + eocd->cd_size > eocd_offset) {
	504	+ if (static_cast<off64_t>(eocd->cd_start_offset) + eocd->cd_size > eocd_offset) {
505	505	ALOGW("Zip: bad offsets (dir %" PRIu32 ", size %" PRIu32 ", eocd %" PRId64 ")",
506	506	eocd->cd_start_offset, eocd->cd_size, static_cast<int64_t>(eocd_offset));
	507	+#if defined(__ANDROID__)
	508	+ if (eocd->cd_start_offset + eocd->cd_size <= eocd_offset) {
	509	+ android_errorWriteLog(0x534e4554, "31251826");
	510	+ }
	511	+#endif
507	512	return kInvalidOffset;
508	513	}
509	514	if (eocd->num_records == 0) {