Add missing size check when parsing staged aliases

Need to have the same kind of data size check as in other types parsing Bug: 203938029 Test: manual Change-Id: I9f5d2851ff59da90163ead6c0416f0bba3868cc4 Merged-In: I9f5d2851ff59da90163ead6c0416f0bba3868cc4 (cherry picked from commit 8002034e6b11e9be85671505475936b1ec3705b3)
author: Yurii Zubrytskyi <zyy@google.com> 2021-11-29 23:55:24 -0800
committer: Yurii Zubrytskyi <zyy@google.com> 2021-12-01 17:20:07 +0000
commit: a27822a79554c8cd875eac826ab84f550a7ea006 (patch)
tree: c255f33b459ff467219500fb5a774a166649c6d5
parent: 70c6650edaccd46910c2b74a3141f8a507320b28 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/libs/androidfw/LoadedArsc.cpp b/libs/androidfw/LoadedArsc.cpp
index d17c32817994..8150e78fdddc 100644
--- a/libs/androidfw/LoadedArsc.cpp
+++ b/libs/androidfw/LoadedArsc.cpp
@@ -686,6 +686,12 @@ std::unique_ptr<const LoadedPackage> LoadedPackage::Load(const Chunk& chunk,
         std::unordered_set<uint32_t> finalized_ids;
         const auto lib_alias = child_chunk.header<ResTable_staged_alias_header>();
         if (!lib_alias) {
+          LOG(ERROR) << "RES_TABLE_STAGED_ALIAS_TYPE is too small.";
+          return {};
+        }
+        if ((child_chunk.data_size() / sizeof(ResTable_staged_alias_entry))
+            < dtohl(lib_alias->count)) {
+          LOG(ERROR) << "RES_TABLE_STAGED_ALIAS_TYPE is too small to hold entries.";
           return {};
         }
         const auto entry_begin = child_chunk.data_ptr().convert<ResTable_staged_alias_entry>();
author	Yurii Zubrytskyi <zyy@google.com>	2021-11-29 23:55:24 -0800
committer	Yurii Zubrytskyi <zyy@google.com>	2021-12-01 17:20:07 +0000
commit	a27822a79554c8cd875eac826ab84f550a7ea006 (patch)
tree	c255f33b459ff467219500fb5a774a166649c6d5
parent	70c6650edaccd46910c2b74a3141f8a507320b28 (diff)