commit | 1be1f9146b7bc2a0334ab6f9e4c1c983077f0514 | |
---|---|---|
author | Elliott Hughes <enh@google.com> | Mon Dec 16 16:16:16 2019 -0800 |
committer | Elliott Hughes <enh@google.com> | Tue Dec 17 08:39:09 2019 -0800 |
tree | cc14406f0c4df3c987b2ef03170e40bf3b4a86f2 | |
parent | 9239a8f1c804fe6a2d6fc5c39a7cd7dca1b9eee3 | |
Fix SEGV in libziparchive with malformed zip file.

d77c99ebc3d896501531e9522b690c4a0e971aff changed MappedFile to return a bogus zero-length mapping on failure rather than nullptr. None of the calling code was changed, though, and it seems like doing so would be a bad idea. Revert that part of the change.

Add missing tests, and tidy up some of the logging. Also remove single-use or obfuscatory constants from the tests.

The new "empty.zip" was created by using zip(1) to create a zip file with one entry, then using `zip -d` to remove it.

The new "zero-size-cd.zip" was created by using zip(1) to create a zip file containing a single empty file, and then hex editing the two byte "size of the central directory" field in the "end of central directory record" structure at the end of the file. (This is equivalent to, but much smaller than, the example zip file provided by the bug reporter.)

Bug: http://b/145925341

Test: treehugger

Change-Id: Iff64673bce7dae886ccbc9dd6c2bbe18de19f9d2
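An added example, not part of the commit or of libziparchive: a Python check for the inconsistency the commit message describes, an end of central directory (EOCD) record that declares entries while giving a central directory size of zero. It generalises that case to a bounds check and a minimum-size check; the function names and the three sample archives are constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"
# signature, 2 disk numbers, 2 entry counts, CD size, CD offset, comment length
EOCD_FMT = "<4sHHHHIIH"
EOCD_LEN = struct.calcsize(EOCD_FMT)   # 22 bytes
MIN_CD_ENTRY = 46                      # fixed part of one central directory header


def check_central_directory(data: bytes) -> str:
    """Return "ok" or the reason the EOCD record cannot be trusted."""
    # Simplification: take the last signature match; no zip64 handling.
    pos = data.rfind(EOCD_SIG)
    if pos < 0 or pos + EOCD_LEN > len(data):
        return "no end of central directory record"
    _, _, _, _, entries, cd_size, cd_offset, _ = struct.unpack_from(EOCD_FMT, data, pos)
    if cd_offset + cd_size > pos:
        return "central directory runs past the EOCD record"
    if cd_size < entries * MIN_CD_ENTRY:
        return "central directory too small for declared entry count"
    return "ok"


def make_samples():
    """Constructed inputs: valid one-entry zip, same with CD size zeroed, empty zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("empty.txt", b"")
    good = buf.getvalue()
    bad = bytearray(good)
    # The CD size field sits 12 bytes into the EOCD record.
    struct.pack_into("<I", bad, good.rfind(EOCD_SIG) + 12, 0)
    empty = struct.pack(EOCD_FMT, EOCD_SIG, 0, 0, 0, 0, 0, 0, 0)
    return good, bytes(bad), empty


if __name__ == "__main__":
    for name, blob in zip(("one-entry", "zero-size-cd", "empty"), make_samples()):
        print(f"{name}: {check_central_directory(blob)}")
```

A parser that validates these fields before mapping the central directory can reject the file with an error instead of dereferencing a failed or zero-length mapping.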
This library is a collection of convenience functions to make common tasks easier and less error-prone.
In this context, “error-prone” covers both “hard to do correctly” and “hard to do with good performance”, but as a general purpose library, libbase's primary focus is on making it easier to do things easily and correctly when a compromise has to be made between “simplest API” on the one hand and “fastest implementation” on the other. Though obviously the ideal is to have both.
The intention is to cover the 80% use cases, not be all things to all users.
If you have a routine that’s really useful in your project, congratulations. But that doesn’t mean it should be here rather than just in your project.
The question for libbase is “should everyone be doing this?”/“does this make everyone's code cleaner/safer?”. Historically we've considered the bar for inclusion to be “are there at least three unrelated projects that would be cleaned up by doing so”.
If your routine is actually something from a future C++ standard (that isn’t yet in libc++), or it’s widely used in another library, that helps show that there's precedent. Being able to say “so-and-so has used this API for n years” is a good way to reduce concerns about API choices.
Unlike most Android code, code in libbase has to build for Mac and Windows too.
Code here is also expected to have good test coverage.
By its nature, it’s difficult to change libbase API. It’s often best to start using your routine just in your project, and let it “graduate” after you're certain that the API is solid.