Add check to CheckImageIdenticalToOriginalExceptForRelocation
Add a defensive check that fails gracefully if a relocation target
lies at or beyond the end of the image (offset + 4 bytes > image size).
Add tests.
Bug: 109677607
Test: test-art-host-gtest-patchoat_test SANITIZE_HOST=address
Change-Id: Ic989d5b7c77fd66e77b9e8ba90df1bf490a46e43
diff --git a/patchoat/patchoat.cc b/patchoat/patchoat.cc
index a6d3903..73627b2 100644
--- a/patchoat/patchoat.cc
+++ b/patchoat/patchoat.cc
@@ -363,6 +363,10 @@
uint32_t offset_delta = 0;
if (DecodeUnsignedLeb128Checked(&rel_ptr, rel_end, &offset_delta)) {
offset += offset_delta;
+ if (static_cast<int64_t>(offset) + static_cast<int64_t>(sizeof(uint32_t)) > image_size) {
+ *error_msg = StringPrintf("Relocation out of bounds in %s", relocated_filename.c_str());
+ return false;
+ }
uint32_t *image_value = reinterpret_cast<uint32_t*>(image_start + offset);
*image_value -= expected_diff;
} else {
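Review bot: The new bounds check on L16 runs only after `offset += offset_delta` on L15, so if `offset` has a 32-bit type like `offset_delta` (its declaration is outside the hunk) a large delta in the relocation stream wraps modulo 2^32 and hands the check a small, in-range value that was never the intended target, and the guard cannot detect it. Doing the sum in 64 bits before comparing closes that gap: `const uint64_t next = static_cast<uint64_t>(offset) + offset_delta;` / `if (next + sizeof(uint32_t) > static_cast<uint64_t>(image_size)) { *error_msg = ...; return false; }` / `offset = next;`. The check also does not verify that `offset` is 4-byte aligned before the `uint32_t*` dereference on L20; unless the relocation format guarantees alignment (not visible here), a `(offset % sizeof(uint32_t)) != 0` case should be rejected through the same error path rather than reaching a misaligned read-modify-write. The enclosing function CheckImageIdenticalToOriginalExceptForRelocation starts before the hunk and the `else` branch opened on L22 continues past it.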