Merge "Add missing size check when parsing staged aliases"

author: TreeHugger Robot <treehugger-gerrit@google.com> 2021-11-30 16:15:59 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2021-11-30 16:15:59 +0000
commit: f5cdbd0ec012cedcaf401b70d67a01aa20690c07 (patch)
tree: 4245f5953ef740897affd9b897ab4a4948c30271 /libs/androidfw
parent: 821c46160b8f0d41304a7d2e29793153bbc26543 (diff)
parent: 8002034e6b11e9be85671505475936b1ec3705b3 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/libs/androidfw/LoadedArsc.cpp b/libs/androidfw/LoadedArsc.cpp
index d17c32817994..8150e78fdddc 100644
--- a/libs/androidfw/LoadedArsc.cpp
+++ b/libs/androidfw/LoadedArsc.cpp
@@ -686,6 +686,12 @@ std::unique_ptr<const LoadedPackage> LoadedPackage::Load(const Chunk& chunk,
         std::unordered_set<uint32_t> finalized_ids;
         const auto lib_alias = child_chunk.header<ResTable_staged_alias_header>();
         if (!lib_alias) {
+          LOG(ERROR) << "RES_TABLE_STAGED_ALIAS_TYPE is too small.";
+          return {};
+        }
+        if ((child_chunk.data_size() / sizeof(ResTable_staged_alias_entry))
+            < dtohl(lib_alias->count)) {
+          LOG(ERROR) << "RES_TABLE_STAGED_ALIAS_TYPE is too small to hold entries.";
           return {};
         }
         const auto entry_begin = child_chunk.data_ptr().convert<ResTable_staged_alias_entry>();
author	TreeHugger Robot <treehugger-gerrit@google.com>	2021-11-30 16:15:59 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2021-11-30 16:15:59 +0000
commit	f5cdbd0ec012cedcaf401b70d67a01aa20690c07 (patch)
tree	4245f5953ef740897affd9b897ab4a4948c30271 /libs/androidfw
parent	821c46160b8f0d41304a7d2e29793153bbc26543 (diff)
parent	8002034e6b11e9be85671505475936b1ec3705b3 (diff)