Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_frameworks_base / 8da1c38b69e947885fcec50cda46c5472ddb6746
commit8da1c38b69e947885fcec50cda46c5472ddb6746[log] [tgz]
authorRyan Mitchell <rtmitchell@google.com>Fri Aug 23 11:45:04 2019 -0700
committerRyan Mitchell <rtmitchell@google.com>Fri Aug 23 13:11:14 2019 -0700
tree0bde6149b1b989b27aaf97a83703b5775ba83c9a
parent3dc631cfc9b08b385f2f11b072b314cce0f8bdb3 [diff]
Fix security issue in DynamicRefTable::load.

A crafted resources arsc could cause libandroidfw to read data out of
bounds of the resources arsc. This change updates the logic to calculate
whether the ref table chunk is large enough to hold the number of
entries specified in the header.

Bug: 129475100
Test: adb shell push ResTableTest data
Test: adb shell push poc.arsc data
Test: ./ResTableTest poc.arsc
Change-Id: Ifbaad87bdbcb7eecf554ef362e0118f53532a22a
1 file changed
tree: 0bde6149b1b989b27aaf97a83703b5775ba83c9a
  1. apct-tests/
  2. apex/
  3. api/
  4. cmds/
  5. config/
  6. core/
  7. data/
  8. docs/
  9. drm/
  10. graphics/
  11. keystore/
  12. libs/
  13. location/
  14. lowpan/
  15. media/
  16. native/
  17. nfc-extras/
  18. obex/
  19. opengl/
  20. packages/
  21. proto/
  22. rs/
  23. samples/
  24. sax/
  25. services/
  26. startop/
  27. telecomm/
  28. telephony/
  29. test-base/
  30. test-legacy/
  31. test-mock/
  32. test-runner/
  33. tests/
  34. tools/
  35. wifi/
  36. .gitignore
  37. Android.bp
  38. Android.mk
  39. CleanSpec.mk
  40. jarjar_rules_hidl.txt
  41. MODULE_LICENSE_APACHE2
  42. NOTICE
  43. pathmap.mk
  44. PREUPLOAD.cfg