
system/corennnnn


Commit MetaInfo

Revision: 6fb68bb196c6861c7fe9e6da8104dd278e625610 (tree)
Time: 2016-10-07 09:26:31
Author: Tianjie Xu <xunchang@goog...>
Committer: android-build-merger

Log Message

Fix out of bound access in libziparchive am: 1ee4892e66 am: c24dd97654 am: 8788591224 am: 167562aa76 am: 398adf9b55 am: 680c3f1dc4
am: f0ce69815f

Change-Id: I8e69df083b6d5cd3a7e6bf7113ae836932c2e9f2

Change Summary

Incremental Difference

--- a/libziparchive/zip_archive.cc
+++ b/libziparchive/zip_archive.cc
@@ -269,9 +269,14 @@ static int32_t MapCentralDirectory0(int fd, const char* debug_file_name,
269269 * Grab the CD offset and size, and the number of entries in the
270270 * archive and verify that they look reasonable.
271271 */
272- if (eocd->cd_start_offset + eocd->cd_size > eocd_offset) {
272+ if (static_cast<off64_t>(eocd->cd_start_offset) + eocd->cd_size > eocd_offset) {
273273 ALOGW("Zip: bad offsets (dir %" PRIu32 ", size %" PRIu32 ", eocd %" PRId64 ")",
274274 eocd->cd_start_offset, eocd->cd_size, static_cast<int64_t>(eocd_offset));
275+#if defined(__ANDROID__)
276+ if (eocd->cd_start_offset + eocd->cd_size <= eocd_offset) {
277+ android_errorWriteLog(0x534e4554, "31251826");
278+ }
279+#endif
275280 return kInvalidOffset;
276281 }
277282 if (eocd->num_records == 0) {
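
Review bot: The nested check on new line 276 reuses the unwidened sum `eocd->cd_start_offset + eocd->cd_size`, and nothing in the hunk says that this is intentional. Both fields are printed with PRIu32, so that sum is 32-bit and can wrap; the branch is therefore true only when the old comparison would have passed while the widened one on line 272 rejects the archive, which is the case the log call is there to flag. A short comment saying so would keep a later cleanup from applying the same `static_cast<off64_t>` to line 276 and silently disabling the log. The constants in `android_errorWriteLog(0x534e4554, "31251826")` would also benefit from a one-line comment stating what the tag and the string identify.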