Google Git
Sign in
android / platform / frameworks / base / aff8e2d83d86abcfdef645712f77215fb3e239e9
commitaff8e2d83d86abcfdef645712f77215fb3e239e9[log] [tgz]
authorRyan Mitchell <rtmitchell@google.com>Fri Aug 23 11:45:04 2019 -0700
committerRyan Mitchell <rtmitchell@google.com>Fri Feb 07 19:26:54 2020 +0000
tree48af319d2bb447694b589f7da2d531471936d26e
parent410b9a75d25fed7d9d0162f3c4bd2f2fa2ab4f41 [diff]
Fix security issue in DynamicRefTable::load.

A crafted resources arsc could cause libandroidfw to read data out of
bounds of the resources arsc. This change updates the logic to calculate
whether the ref table chunk is large enough to hold the number of
entries specified in the header.

Bug: 129475100
Test: adb shell push ResTableTest data
Test: adb shell push poc.arsc data
Test: ./ResTableTest poc.arsc
Change-Id: Ifbaad87bdbcb7eecf554ef362e0118f53532a22a
(cherry picked from commit 8da1c38b69e947885fcec50cda46c5472ddb6746)
1 file changed
tree: 48af319d2bb447694b589f7da2d531471936d26e
  1. apct-tests/
  2. api/
  3. cmds/
  4. config/
  5. core/
  6. data/
  7. docs/
  8. drm/
  9. graphics/
  10. keystore/
  11. libs/
  12. location/
  13. lowpan/
  14. media/
  15. native/
  16. nfc-extras/
  17. obex/
  18. opengl/
  19. packages/
  20. proto/
  21. rs/
  22. samples/
  23. sax/
  24. services/
  25. startop/
  26. telecomm/
  27. telephony/
  28. test-base/
  29. test-legacy/
  30. test-mock/
  31. test-runner/
  32. tests/
  33. tools/
  34. wifi/
  35. .gitignore
  36. Android.bp
  37. Android.mk
  38. CleanSpec.mk
  39. jarjar_rules_hidl.txt
  40. MODULE_LICENSE_APACHE2
  41. NOTICE
  42. pathmap.mk
  43. PREUPLOAD.cfg