Merge "DO NOT MERGE [DO NOT MERGE] Throw exception if slot has invalid offset" into security-aosp-mnc-mr1-release
diff --git a/core/jni/android_database_CursorWindow.cpp b/core/jni/android_database_CursorWindow.cpp
index 580ac02..a86e57d 100644
--- a/core/jni/android_database_CursorWindow.cpp
+++ b/core/jni/android_database_CursorWindow.cpp
@@ -182,6 +182,10 @@
if (type == CursorWindow::FIELD_TYPE_BLOB || type == CursorWindow::FIELD_TYPE_STRING) {
size_t size;
const void* value = window->getFieldSlotValueBlob(fieldSlot, &size);
+ if (!value) {
+ throw_sqlite3_exception(env, "Native could not read blob slot");
+ return NULL;
+ }
jbyteArray byteArray = env->NewByteArray(size);
if (!byteArray) {
env->ExceptionClear();
@@ -217,6 +221,10 @@
if (type == CursorWindow::FIELD_TYPE_STRING) {
size_t sizeIncludingNull;
const char* value = window->getFieldSlotValueString(fieldSlot, &sizeIncludingNull);
+ if (!value) {
+ throw_sqlite3_exception(env, "Native could not read string slot");
+ return NULL;
+ }
if (sizeIncludingNull <= 1) {
return gEmptyString;
}