From 778c0905f9a3a2f029cc9d4fe262ba3e61d35cd8 Mon Sep 17 00:00:00 2001 From: Frederick Mayle Date: Fri, 27 May 2022 01:14:57 +0000 Subject: binder: Tweak overflow check for readability Test: TH Change-Id: I01a9edd997095c03a35ceb4d75b3bb6df1863704 --- libs/binder/RpcState.cpp | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) (limited to 'libs') diff --git a/libs/binder/RpcState.cpp b/libs/binder/RpcState.cpp index 4ef9cd859d..2a8e9c1d8b 100644 --- a/libs/binder/RpcState.cpp +++ b/libs/binder/RpcState.cpp @@ -493,14 +493,13 @@ status_t RpcState::transactAddress(const sp& connecti } } - LOG_ALWAYS_FATAL_IF(std::numeric_limits::max() - sizeof(RpcWireHeader) - - sizeof(RpcWireTransaction) < - data.dataSize(), + uint32_t bodySize; + LOG_ALWAYS_FATAL_IF(__builtin_add_overflow(sizeof(RpcWireTransaction), data.dataSize(), + &bodySize), "Too much data %zu", data.dataSize()); - RpcWireHeader command{ .command = RPC_COMMAND_TRANSACT, - .bodySize = static_cast(sizeof(RpcWireTransaction) + data.dataSize()), + .bodySize = bodySize, }; RpcWireTransaction transaction{ @@ -940,14 +939,12 @@ processTransactInternalTailCall: replyStatus = flushExcessBinderRefs(session, addr, target); } - LOG_ALWAYS_FATAL_IF(std::numeric_limits::max() - sizeof(RpcWireHeader) - - sizeof(RpcWireReply) < - reply.dataSize(), + uint32_t bodySize; + LOG_ALWAYS_FATAL_IF(__builtin_add_overflow(sizeof(RpcWireReply), reply.dataSize(), &bodySize), "Too much data for reply %zu", reply.dataSize()); - RpcWireHeader cmdReply{ .command = RPC_COMMAND_REPLY, - .bodySize = static_cast(sizeof(RpcWireReply) + reply.dataSize()), + .bodySize = bodySize, }; RpcWireReply rpcReply{ .status = replyStatus, -- cgit v1.2.3-59-g8ed1b