Google Git
Sign in
android / platform / frameworks / base / 7d4d4232c9891f7124d1ac1cc2db6dc178cc6994
commit7d4d4232c9891f7124d1ac1cc2db6dc178cc6994[log] [tgz]
authorRyan Mitchell <rtmitchell@google.com>Wed May 30 12:17:01 2018 -0700
committerandroid-build-team Robot <android-build-team-robot@google.com>Fri Sep 14 20:45:23 2018 +0000
tree905c2fcc1685a6b4fa1bd60eb68233f128a6df78
parenta0c74b5e0a921fecaafc4ecb6e4f0f3a4f9042df [diff]
Fix DynamicRefTable::load security bug

DynamicRefTables parsed from apks are missing bounds checks that prevent
buffer overflows. This changes verifies the bounds of the header before
attempting to preform operations on the chunk.

Bug: 79488511
Test: run cts -m CtsAppSecurityHostTestCases \
        -t android.appsecurity.cts.CorruptApkTests

Change-Id: I02c8ad957da244fce777ac68a482e4e8fa70f846
Merged-In: I02c8ad957da244fce777ac68a482e4e8fa70f846
(cherry picked from commit 8cf0f988b0c64bcf2c199bb76439c51c257dd162)
1 file changed
tree: 905c2fcc1685a6b4fa1bd60eb68233f128a6df78
  1. api/
  2. cmds/
  3. core/
  4. data/
  5. docs/
  6. drm/
  7. graphics/
  8. include/
  9. keystore/
  10. libs/
  11. location/
  12. media/
  13. native/
  14. nfc-extras/
  15. obex/
  16. opengl/
  17. packages/
  18. proto/
  19. rs/
  20. samples/
  21. sax/
  22. services/
  23. telecomm/
  24. telephony/
  25. test-runner/
  26. tests/
  27. tools/
  28. wifi/
  29. Android.mk
  30. CleanSpec.mk
  31. compiled-classes-phone
  32. MODULE_LICENSE_APACHE2
  33. NOTICE
  34. preloaded-classes