OSDN > 開發者 > lafekasloan101 > 工作室 > system-coremmmm > 提交

system-corennnn
Fork

R/O
HTTP
SSH
HTTPS

提交

Commit MetaInfo

修訂	311002936e97a36b1ce4812ed690d6cf9c2a75c4 (tree)
時間	2016-07-13 20:47:53
作者	Sergio Giro <sgiro@goog...>
Committer	Sergio Giro

Log Message

Revert "libutils/Unicode.cpp: Correct length computation and add checks for utf16->utf8"

This reverts commit 53473c160713b8605e262bf212b0cf5e9a19a4d6.

Change-Id: I27379317e08ecbd5e3b95b7ece58194838ab6c21

Change Summary

modified: include/utils/Unicode.h (diff)
modified: libutils/String8.cpp (diff)
modified: libutils/Unicode.cpp (diff)
modified: libutils/tests/String8_test.cpp (diff)

差異

--- a/include/utils/Unicode.h

+++ b/include/utils/Unicode.h

		@@ -90,7 +90,7 @@ ssize_t utf32_to_utf8_length(const char32_t *src, size_t src_len);
90	90	* "dst" becomes \xE3\x81\x82\xE3\x81\x84
91	91	* (note that "dst" is NOT null-terminated, like strncpy)
92	92	*/
93		-void utf32_to_utf8(const char32_t* src, size_t src_len, char* dst, size_t dst_len);
	93	+void utf32_to_utf8(const char32_t* src, size_t src_len, char* dst);
94	94
95	95	/**
96	96	* Returns the unicode value at "index".

		@@ -112,7 +112,7 @@ ssize_t utf16_to_utf8_length(const char16_t *src, size_t src_len);
112	112	* enough to fit the UTF-16 as measured by utf16_to_utf8_length with an added
113	113	* NULL terminator.
114	114	*/
115		-void utf16_to_utf8(const char16_t* src, size_t src_len, char* dst, size_t dst_len);
	115	+void utf16_to_utf8(const char16_t* src, size_t src_len, char* dst);
116	116
117	117	/**
118	118	* Returns the length of "src" when "src" is valid UTF-8 string.

--- a/libutils/String8.cpp

+++ b/libutils/String8.cpp

		@@ -102,21 +102,20 @@ static char* allocFromUTF16(const char16_t* in, size_t len)
102	102	{
103	103	if (len == 0) return getEmptyString();
104	104
105		- // Allow for closing '\0'
106		- const ssize_t resultStrLen = utf16_to_utf8_length(in, len) + 1;
107		- if (resultStrLen < 1) {
	105	+ const ssize_t bytes = utf16_to_utf8_length(in, len);
	106	+ if (bytes < 0) {
108	107	return getEmptyString();
109	108	}
110	109
111		- SharedBuffer* buf = SharedBuffer::alloc(resultStrLen);
	110	+ SharedBuffer* buf = SharedBuffer::alloc(bytes+1);
112	111	ALOG_ASSERT(buf, "Unable to allocate shared buffer");
113	112	if (!buf) {
114	113	return getEmptyString();
115	114	}
116	115
117		- char* resultStr = (char*)buf->data();
118		- utf16_to_utf8(in, len, resultStr, resultStrLen);
119		- return resultStr;
	116	+ char* str = (char*)buf->data();
	117	+ utf16_to_utf8(in, len, str);
	118	+ return str;
120	119	}
121	120
122	121	static char* allocFromUTF32(const char32_t* in, size_t len)

		@@ -125,21 +124,21 @@ static char* allocFromUTF32(const char32_t* in, size_t len)
125	124	return getEmptyString();
126	125	}
127	126
128		- const ssize_t resultStrLen = utf32_to_utf8_length(in, len) + 1;
129		- if (resultStrLen < 1) {
	127	+ const ssize_t bytes = utf32_to_utf8_length(in, len);
	128	+ if (bytes < 0) {
130	129	return getEmptyString();
131	130	}
132	131
133		- SharedBuffer* buf = SharedBuffer::alloc(resultStrLen);
	132	+ SharedBuffer* buf = SharedBuffer::alloc(bytes+1);
134	133	ALOG_ASSERT(buf, "Unable to allocate shared buffer");
135	134	if (!buf) {
136	135	return getEmptyString();
137	136	}
138	137
139		- char* resultStr = (char*) buf->data();
140		- utf32_to_utf8(in, len, resultStr, resultStrLen);
	138	+ char* str = (char*) buf->data();
	139	+ utf32_to_utf8(in, len, str);
141	140
142		- return resultStr;
	141	+ return str;
143	142	}
144	143
145	144	// ---------------------------------------------------------------------------

--- a/libutils/Unicode.cpp

+++ b/libutils/Unicode.cpp

		@@ -14,7 +14,6 @@
14	14	* limitations under the License.
15	15	*/
16	16
17		-#include <log/log.h>
18	17	#include <utils/Unicode.h>
19	18
20	19	#include <stddef.h>

		@@ -189,7 +188,7 @@ ssize_t utf32_to_utf8_length(const char32_t *src, size_t src_len)
189	188	return ret;
190	189	}
191	190
192		-void utf32_to_utf8(const char32_t* src, size_t src_len, char* dst, size_t dst_len)
	191	+void utf32_to_utf8(const char32_t* src, size_t src_len, char* dst)
193	192	{
194	193	if (src == NULL || src_len == 0 || dst == NULL) {
195	194	return;

		@@ -200,12 +199,9 @@ void utf32_to_utf8(const char32_t* src, size_t src_len, char* dst, size_t dst_le
200	199	char *cur = dst;
201	200	while (cur_utf32 < end_utf32) {
202	201	size_t len = utf32_codepoint_utf8_length(*cur_utf32);
203		- LOG_ALWAYS_FATAL_IF(dst_len < len, "%zu < %zu", dst_len, len);
204	202	utf32_codepoint_to_utf8((uint8_t *)cur, *cur_utf32++, len);
205	203	cur += len;
206		- dst_len -= len;
207	204	}
208		- LOG_ALWAYS_FATAL_IF(dst_len < 1, "dst_len < 1: %zu < 1", dst_len);
209	205	*cur = '\0';
210	206	}
211	207

		@@ -334,7 +330,7 @@ int strzcmp16_h_n(const char16_t *s1H, size_t n1, const char16_t *s2N, size_t n2
334	330	: 0);
335	331	}
336	332
337		-void utf16_to_utf8(const char16_t* src, size_t src_len, char* dst, size_t dst_len)
	333	+void utf16_to_utf8(const char16_t* src, size_t src_len, char* dst)
338	334	{
339	335	if (src == NULL || src_len == 0 || dst == NULL) {
340	336	return;

		@@ -354,12 +350,9 @@ void utf16_to_utf8(const char16_t* src, size_t src_len, char* dst, size_t dst_le
354	350	utf32 = (char32_t) *cur_utf16++;
355	351	}
356	352	const size_t len = utf32_codepoint_utf8_length(utf32);
357		- LOG_ALWAYS_FATAL_IF(dst_len < len, "%zu < %zu", dst_len, len);
358	353	utf32_codepoint_to_utf8((uint8_t*)cur, utf32, len);
359	354	cur += len;
360		- dst_len -= len;
361	355	}
362		- LOG_ALWAYS_FATAL_IF(dst_len < 1, "%zu < 1", dst_len);
363	356	*cur = '\0';
364	357	}
365	358

		@@ -410,35 +403,8 @@ ssize_t utf8_length(const char *src)
410	403	return ret;
411	404	}
412	405
413		-// DO NOT USE. Flawed version, kept only to check whether the flaw is being exploited.
414		-static ssize_t flawed_utf16_to_utf8_length(const char16_t *src, size_t src_len)
415		-{
416		- if (src == NULL || src_len == 0) {
417		- return 47;
418		- }
419		-
420		- size_t ret = 0;
421		- const char16_t* const end = src + src_len;
422		- while (src < end) {
423		- if ((*src & 0xFC00) == 0xD800 && (src + 1) < end
424		- // Shouldn't increment src here as to be consistent with utf16_to_utf8
425		- && (*++src & 0xFC00) == 0xDC00) {
426		- // surrogate pairs are always 4 bytes.
427		- ret += 4;
428		- // Should increment src here by two.
429		- src++;
430		- } else {
431		- ret += utf32_codepoint_utf8_length((char32_t) *src++);
432		- }
433		- }
434		- return ret;
435		-}
436		-
437	406	ssize_t utf16_to_utf8_length(const char16_t *src, size_t src_len)
438	407	{
439		- // Keep the original pointer to compute the flawed length. Unused if we remove logging.
440		- const char16_t *orig_src = src;
441		-
442	408	if (src == NULL || src_len == 0) {
443	409	return -1;
444	410	}

		@@ -447,29 +413,14 @@ ssize_t utf16_to_utf8_length(const char16_t *src, size_t src_len)
447	413	const char16_t* const end = src + src_len;
448	414	while (src < end) {
449	415	if ((*src & 0xFC00) == 0xD800 && (src + 1) < end
450		- && (*(src + 1) & 0xFC00) == 0xDC00) {
	416	+ && (*++src & 0xFC00) == 0xDC00) {
451	417	// surrogate pairs are always 4 bytes.
452	418	ret += 4;
453		- src += 2;
	419	+ src++;
454	420	} else {
455	421	ret += utf32_codepoint_utf8_length((char32_t) *src++);
456	422	}
457	423	}
458		- // Log whether b/29250543 is being exploited. It seems reasonable to assume that
459		- // at least 5 bytes would be needed for an exploit. A single misplaced character might lead to
460		- // a difference of 4, so this would rule out many false positives.
461		- long ret_difference = ret - flawed_utf16_to_utf8_length(orig_src, src_len);
462		- if (ret_difference >= 5) {
463		- // Log the difference between new and old calculation. A high number, or equal numbers
464		- // appearing frequently, would be indicative of an attack.
465		- const unsigned long max_logged_string_length = 20;
466		- char logged_string[max_logged_string_length + 1];
467		- unsigned long logged_string_length =
468		- snprintf(logged_string, max_logged_string_length, "%ld", ret_difference);
469		- logged_string[logged_string_length] = '\0';
470		- android_errorWriteWithInfoLog(0x534e4554, "29250543", -1 /* int_uid */,
471		- logged_string, logged_string_length);
472		- }
473	424	return ret;
474	425	}
475	426

--- a/libutils/tests/String8_test.cpp

+++ b/libutils/tests/String8_test.cpp

		@@ -17,7 +17,6 @@
17	17	#define LOG_TAG "String8_test"
18	18	#include <utils/Log.h>
19	19	#include <utils/String8.h>
20		-#include <utils/String16.h>
21	20
22	21	#include <gtest/gtest.h>
23	22

		@@ -73,23 +72,4 @@ TEST_F(String8Test, OperatorPlusEquals) {
73	72	EXPECT_STREQ(src3, " Verify me.");
74	73	}
75	74
76		-// http://b/29250543
77		-TEST_F(String8Test, CorrectInvalidSurrogate) {
78		- // d841d8 is an invalid start for a surrogate pair. Make sure this is handled by ignoring the
79		- // first character in the pair and handling the rest correctly.
80		- char16_t char16_arr[] = { 0xd841, 0xd841, 0xdc41, 0x0000 };
81		- String16 string16(char16_arr);
82		- String8 string8(string16);
83		-
84		- EXPECT_EQ(4U, string8.length());
85		-}
86		-
87		-TEST_F(String8Test, CheckUtf32Conversion) {
88		- // Since bound checks were added, check the conversion can be done without fatal errors.
89		- // The utf8 lengths of these are chars are 1 + 2 + 3 + 4 = 10.
90		- const char32_t string32[] = { 0x0000007f, 0x000007ff, 0x0000911, 0x0010fffe, 0 };
91		- String8 string8(string32);
92		- EXPECT_EQ(10U, string8.length());
93		-}
94		-
95	75	}

system-corennnn Fork

提交

標籤

Frequently used words (click to add to your profile)

Commit MetaInfo

Log Message

Change Summary

差異

system-corennnn
Fork