Merge "DO NOT MERGE [DO NOT MERGE] Throw exception if slot has invalid offset" into security-aosp-mnc-mr1-release

commit: 52a443f82177221cce02377aa166359d00d0cfab [log] [tgz]
author: JP Sugarbroad <jpsugar@google.com> Wed Mar 22 20:27:29 2017 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Wed Mar 22 20:27:34 2017 +0000
tree: 6bdff3b181a8ac12edfca042c122e53cca2abf14
parent: de607e532e13710ef8b6db42c41111e7d873a4f4 [diff]
parent: 4996a4b3786d2d8b5f0a726b4ef816d23c4a150b [diff]
diff --git a/core/jni/android_database_CursorWindow.cpp b/core/jni/android_database_CursorWindow.cpp
index 580ac02..a86e57d 100644
--- a/core/jni/android_database_CursorWindow.cpp
+++ b/core/jni/android_database_CursorWindow.cpp

@@ -182,6 +182,10 @@
     if (type == CursorWindow::FIELD_TYPE_BLOB || type == CursorWindow::FIELD_TYPE_STRING) {
         size_t size;
         const void* value = window->getFieldSlotValueBlob(fieldSlot, &size);
+        if (!value) {
+            throw_sqlite3_exception(env, "Native could not read blob slot");
+            return NULL;
+        }
         jbyteArray byteArray = env->NewByteArray(size);
         if (!byteArray) {
             env->ExceptionClear();
@@ -217,6 +221,10 @@
     if (type == CursorWindow::FIELD_TYPE_STRING) {
         size_t sizeIncludingNull;
         const char* value = window->getFieldSlotValueString(fieldSlot, &sizeIncludingNull);
+        if (!value) {
+            throw_sqlite3_exception(env, "Native could not read string slot");
+            return NULL;
+        }
         if (sizeIncludingNull <= 1) {
             return gEmptyString;
         }
commit	52a443f82177221cce02377aa166359d00d0cfab	[log] [tgz]
author	JP Sugarbroad <jpsugar@google.com>	Wed Mar 22 20:27:29 2017 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Wed Mar 22 20:27:34 2017 +0000
tree	6bdff3b181a8ac12edfca042c122e53cca2abf14
parent	de607e532e13710ef8b6db42c41111e7d873a4f4 [diff]
parent	4996a4b3786d2d8b5f0a726b4ef816d23c4a150b [diff]