Fix potential OOM in update_verifier

Limit the size of each read to 1024 * BLOCKSIZE. (Same as the I/O limit
of each transfer command for block based OTA).

Bug: 37729708
Test: U_V sets slot successfully on sailfish, and it takes about ~20s
(no noticeable time increase)
Change-Id: I7a6cdc744fe4c0760e09e0afed75b89c16d8eac3

update_verifier/update_verifier.cpp

@@ -44,6 +44,7 @@
 #include <string.h>
 #include <unistd.h>
 
+#include <algorithm>
 #include <string>
 #include <vector>
 
@@ -142,17 +143,21 @@ static bool read_blocks(const std::string& partition, const std::string& range_s
       return false;
     }
 
-    static constexpr int BLOCKSIZE = 4096;
+    static constexpr size_t BLOCKSIZE = 4096;
     if (lseek64(fd.get(), static_cast<off64_t>(range_start) * BLOCKSIZE, SEEK_SET) == -1) {
       PLOG(ERROR) << "lseek to " << range_start << " failed";
       return false;
     }
 
-    size_t size = (range_end - range_start) * BLOCKSIZE;
+    size_t remain = (range_end - range_start) * BLOCKSIZE;
-    std::vector<uint8_t> buf(size);
+    while (remain > 0) {
-    if (!android::base::ReadFully(fd.get(), buf.data(), size)) {
+      size_t to_read = std::min(remain, 1024 * BLOCKSIZE);
-      PLOG(ERROR) << "Failed to read blocks " << range_start << " to " << range_end;
+      std::vector<uint8_t> buf(to_read);
-      return false;
+      if (!android::base::ReadFully(fd.get(), buf.data(), to_read)) {
+        PLOG(ERROR) << "Failed to read blocks " << range_start << " to " << range_end;
+        return false;
+      }
+      remain -= to_read;
     }
     blk_count += (range_end - range_start);
   }