diff options
| author | 2015-07-12 12:51:35 -0500 | |
|---|---|---|
| committer | 2015-07-13 11:10:59 -0500 | |
| commit | 6a8df53d90e47e3256faf7ff0caed0acf377b99b (patch) | |
| tree | c6f80a9ec56dc205c803779f35822deea7f0a587 /compiler/utils/array_ref.h | |
| parent | d4da360082e8eadcd12b5030f42a9ba598332471 (diff) | |
ART: Fix DexFileVerifier try_items OoO validation
DexFileVerifier::CheckIntraCodeItem() implements an out of order
validation for CodeItem try_items. try_items_size is validated for
sanity via CheckListSize() at dex_file_verifier.cc:800, although
handlers_size ULEB128 read (offset calculated from tries_size_) occurs
before at lines 797-798.
An out of bounds (wild) read will occur for invalid try_items_size at
parsed DEX file.
handlers_size read has been moved after try_items validation to resolve
this OoO issue.
Bug: 21307613
Bug: https://code.google.com/p/android/issues/detail?id=178592
Change-Id: I94d00819ee9a465f57ba9a1fdfdd356979e35ed7
Diffstat (limited to 'compiler/utils/array_ref.h')
0 files changed, 0 insertions, 0 deletions