
system/core


Commit MetaInfo

修訂e86fe1d2cd3fe8570fc181058877ce2dc7b9216b (tree)
時間2018-03-16 04:53:25
作者Steven Moreland <smoreland@goog...>
CommiterJP Sugarbroad

Log Message

String16: remove integer overflows

Bug: 73826242
Test: manual
Change-Id: I32e13d61b944c1a527cf2d95473552d246e322be
Merged-In: I32e13d61b944c1a527cf2d95473552d246e322be
(cherry picked from commit d0648d8dc61fe9ac39d2cd150a332b385a334bdc)

Change Summary

差異

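--- a/libutils/String16.cpp
+++ b/libutils/String16.cpp
@@ -84,6 +84,23 @@ static char16_t* allocFromUTF8(const char* u8str, size_t u8len)
 return getEmptyString();
 }
 
+static char16_t* allocFromUTF16(const char16_t* u16str, size_t u16len) {
+ if (u16len >= SIZE_MAX / sizeof(char16_t)) {
+ android_errorWriteLog(0x534e4554, "73826242");
+ abort();
+ }
+
+ SharedBuffer* buf = SharedBuffer::alloc((u16len + 1) * sizeof(char16_t));
+ ALOG_ASSERT(buf, "Unable to allocate shared buffer");
+ if (buf) {
+ char16_t* str = (char16_t*)buf->data();
+ memcpy(str, u16str, u16len * sizeof(char16_t));
+ str[u16len] = 0;
+ return str;
+ }
+ return getEmptyString();
+}
+
 // ---------------------------------------------------------------------------
 
 String16::String16()
@@ -116,35 +133,9 @@ String16::String16(const String16& o, size_t len, size_t begin)
 setTo(o, len, begin);
 }
 
-String16::String16(const char16_t* o)
-{
- size_t len = strlen16(o);
- SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t));
- ALOG_ASSERT(buf, "Unable to allocate shared buffer");
- if (buf) {
- char16_t* str = (char16_t*)buf->data();
- strcpy16(str, o);
- mString = str;
- return;
- }
-
- mString = getEmptyString();
-}
+String16::String16(const char16_t* o) : mString(allocFromUTF16(o, strlen16(o))) {}
 
-String16::String16(const char16_t* o, size_t len)
-{
- SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t));
- ALOG_ASSERT(buf, "Unable to allocate shared buffer");
- if (buf) {
- char16_t* str = (char16_t*)buf->data();
- memcpy(str, o, len*sizeof(char16_t));
- str[len] = 0;
- mString = str;
- return;
- }
-
- mString = getEmptyString();
-}
+String16::String16(const char16_t* o, size_t len) : mString(allocFromUTF16(o, len)) {}
 
 String16::String16(const String8& o)
 : mString(allocFromUTF8(o.string(), o.size()))
@@ -206,6 +197,11 @@ status_t String16::setTo(const char16_t* other)
 
 status_t String16::setTo(const char16_t* other, size_t len)
 {
+ if (len >= SIZE_MAX / sizeof(char16_t)) {
+ android_errorWriteLog(0x534e4554, "73826242");
+ abort();
+ }
+
 SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
 ->editResize((len+1)*sizeof(char16_t));
 if (buf) {
@@ -228,7 +224,12 @@ status_t String16::append(const String16& other)
 } else if (otherLen == 0) {
 return NO_ERROR;
 }
-
+
+ if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {
+ android_errorWriteLog(0x534e4554, "73826242");
+ abort();
+ }
+
 SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
 ->editResize((myLen+otherLen+1)*sizeof(char16_t));
 if (buf) {
@@ -249,7 +250,12 @@ status_t String16::append(const char16_t* chrs, size_t otherLen)
 } else if (otherLen == 0) {
 return NO_ERROR;
 }
-
+
+ if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {
+ android_errorWriteLog(0x534e4554, "73826242");
+ abort();
+ }
+
 SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
 ->editResize((myLen+otherLen+1)*sizeof(char16_t));
 if (buf) {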
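Review bot: In `String16::append(const char16_t* chrs, size_t otherLen)` the new guard `myLen >= SIZE_MAX / sizeof(char16_t) - otherLen` subtracts a caller-supplied length before comparing, so an `otherLen` larger than `SIZE_MAX / sizeof(char16_t)` wraps the right-hand side and the check passes while `(myLen+otherLen+1)*sizeof(char16_t)` can still overflow. Bound `otherLen` first: `if (otherLen >= SIZE_MAX / sizeof(char16_t) || myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {`. The identical expression in `append(const String16& other)` is presumably safe only because `otherLen` there is the size of an existing string (it is assigned outside the hunk), so writing both guards the same way would remove that dependency. Both function bodies start and end outside their hunks, so how the resized buffer is used afterwards is not visible here.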