Merge changes from topic "am-1ab9514f-fd12-4093-b1cb-a77e9f0419c9" into oc-dev

* changes: [automerger] Check for null-terminator in ResStringPool::string8At am: 5ec65ae909 am: c3d7250b99 am: e2417e6682 am: 0ab4540c41 am: a3f0976937 am: 166aa6e149 am: b7f7f7e14e am: c26b8635b7 am: afac0f46d9 am: 5786491706 [automerger] Check for null-terminator in ResStringPool::string8At am: 5ec65ae909 am: c3d7250b99 am: e2417e6682 am: 0ab4540c41 am: a3f0976937 am: 166aa6e149 am: b7f7f7e14e am: c26b8635b7 am: afac0f46d9 [automerger] Check for null-terminator in ResStringPool::string8At am: 5ec65ae909 am: c3d7250b99 am: e2417e6682 am: 0ab4540c41 am: a3f0976937 am: 166aa6e149 am: b7f7f7e14e am: c26b8635b7 [automerger] Check for null-terminator in ResStringPool::string8At am: 5ec65ae909 am: c3d7250b99 am: e2417e6682 am: 0ab4540c41 am: a3f0976937 am: 166aa6e149 am: b7f7f7e14e [automerger] Check for null-terminator in ResStringPool::string8At am: 5ec65ae909 am: c3d7250b99 am: e2417e6682 am: 0ab4540c41 am: a3f0976937 am: 166aa6e149 [automerger] Check for null-terminator in ResStringPool::string8At am: 5ec65ae909 am: c3d7250b99 am: e2417e6682 am: 0ab4540c41 am: a3f0976937 [automerger] Check for null-terminator in ResStringPool::string8At am: 5ec65ae909 am: c3d7250b99 am: e2417e6682 am: 0ab4540c41 [automerger] Check for null-terminator in ResStringPool::string8At am: 5ec65ae909 am: c3d7250b99 am: e2417e6682 [automerger] Check for null-terminator in ResStringPool::string8At am: 5ec65ae909 am: c3d7250b99 [automerger] Check for null-terminator in ResStringPool::string8At am: 5ec65ae909 Check for null-terminator in ResStringPool::string8At
author: TreeHugger Robot <treehugger-gerrit@google.com> 2018-01-31 22:13:40 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2018-01-31 22:13:40 +0000
commit: 46fc48f57ea754372d5304a5903acf28b8d0d2c3 (patch)
tree: 97bc5a3b2484705ded8009072f2907fa8c8d95d6 /libs
parent: 5f7cdba8abe1845afd83c7ee5337f33d736c2ce3 (diff)
parent: 163548ed6aa4bf88f35157b7ee0818294817300f (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/libs/androidfw/ResourceTypes.cpp b/libs/androidfw/ResourceTypes.cpp
index bab8883ef64f..1798d669771d 100644
--- a/libs/androidfw/ResourceTypes.cpp
+++ b/libs/androidfw/ResourceTypes.cpp
@@ -813,7 +813,13 @@ const char* ResStringPool::string8At(size_t idx, size_t* outLen) const
             *outLen = encLen;
 
             if ((uint32_t)(str+encLen-strings) < mStringPoolSize) {
-                return (const char*)str;
+                // Reject malformed (non null-terminated) strings
+                if (str[encLen] != 0x00) {
+                    ALOGW("Bad string block: string #%d is not null-terminated",
+                          (int)idx);
+                    return NULL;
+                }
+              return (const char*)str;
             } else {
                 ALOGW("Bad string block: string #%d extends to %d, past end at %d\n",
                         (int)idx, (int)(str+encLen-strings), (int)mStringPoolSize);
author	TreeHugger Robot <treehugger-gerrit@google.com>	2018-01-31 22:13:40 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2018-01-31 22:13:40 +0000
commit	46fc48f57ea754372d5304a5903acf28b8d0d2c3 (patch)
tree	97bc5a3b2484705ded8009072f2907fa8c8d95d6 /libs
parent	5f7cdba8abe1845afd83c7ee5337f33d736c2ce3 (diff)
parent	163548ed6aa4bf88f35157b7ee0818294817300f (diff)