Google Git
Sign in
android / platform / frameworks / base / a409aa1214d6483efe129a4966f09aa4fdc097ad
commita409aa1214d6483efe129a4966f09aa4fdc097ad[log] [tgz]
authorRyan Mitchell <rtmitchell@google.com>Wed May 30 12:17:01 2018 -0700
committerandroid-build-team Robot <android-build-team-robot@google.com>Fri Jul 20 00:18:19 2018 +0000
tree57d752c537c3af25a31f9906f50d409c0e3166c6
parent1de25074adb5d9ed572d6a85e77d3df5ac3a7e9e [diff]
Fix DynamicRefTable::load security bug

DynamicRefTables parsed from apks are missing bounds checks that prevent
buffer overflows. This changes verifies the bounds of the header before
attempting to preform operations on the chunk.

Bug: 79488511
Test: run cts -m CtsAppSecurityHostTestCases \
        -t android.appsecurity.cts.CorruptApkTests

Change-Id: I02c8ad957da244fce777ac68a482e4e8fa70f846
Merged-In: I02c8ad957da244fce777ac68a482e4e8fa70f846
(cherry picked from commit 18a6ada4aa136da4f50f03fff91d61d448ced195)
1 file changed
tree: 57d752c537c3af25a31f9906f50d409c0e3166c6
  1. apct-tests/
  2. api/
  3. cmds/
  4. config/
  5. core/
  6. data/
  7. docs/
  8. drm/
  9. graphics/
  10. keystore/
  11. legacy-test/
  12. libs/
  13. location/
  14. lowpan/
  15. media/
  16. native/
  17. nfc-extras/
  18. obex/
  19. opengl/
  20. packages/
  21. proto/
  22. rs/
  23. samples/
  24. sax/
  25. services/
  26. telecomm/
  27. telephony/
  28. test-runner/
  29. tests/
  30. tools/
  31. vr/
  32. wifi/
  33. Android.bp
  34. Android.mk
  35. CleanSpec.mk
  36. MODULE_LICENSE_APACHE2
  37. NOTICE
  38. pathmap.mk
  39. PREUPLOAD.cfg