tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Check for overflow in String8::real_append.

Browse source 
Bug: http://b/178822418
Test: new tests
Change-Id: I73631a070ade0689441abe5645ba5a5f64a58675
This commit is contained in:
Elliott Hughes 2021-06-10 16:42:20 -07:00
parent 8f654d8a99
commit 59682761fb
2 changed files with 27 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
libutils/String8.cpp
View file

@ -327,21 +327,23 @@ status_t String8::appendFormatV(const char* fmt, va_list args)
return result;
}
status_t String8::real_append(const char* other, size_t otherLen)
{
status_t String8::real_append(const char* other, size_t otherLen) {
const size_t myLen = bytes();
SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
->editResize(myLen+otherLen+1);
if (buf) {
char* str = (char*)buf->data();
mString = str;
str += myLen;
memcpy(str, other, otherLen);
str[otherLen] = '\0';
return OK;
SharedBuffer* buf;
size_t newLen;
if (__builtin_add_overflow(myLen, otherLen, &newLen) ||
__builtin_add_overflow(newLen, 1, &newLen) ||
(buf = SharedBuffer::bufferFromData(mString)->editResize(newLen)) == nullptr) {
return NO_MEMORY;
}
return NO_MEMORY;
char* str = (char*)buf->data();
mString = str;
str += myLen;
memcpy(str, other, otherLen);
str[otherLen] = '\0';
return OK;
}
char* String8::lockBuffer(size_t size)

14
libutils/String8_test.cpp
View file

@ -15,13 +15,14 @@
*/
#define LOG_TAG "String8_test"
#include <utils/Log.h>
#include <utils/String8.h>
#include <utils/String16.h>
#include <gtest/gtest.h>
namespace android {
using namespace android;
class String8Test : public testing::Test {
protected:
@ -101,4 +102,15 @@ TEST_F(String8Test, ValidUtf16Conversion) {
String8 valid = String8(String16(tmp));
EXPECT_STREQ(valid, "abcdef");
}
TEST_F(String8Test, append) {
String8 s;
EXPECT_EQ(OK, s.append("foo"));
EXPECT_STREQ("foo", s);
EXPECT_EQ(OK, s.append("bar"));
EXPECT_STREQ("foobar", s);
EXPECT_EQ(OK, s.append("baz", 0));
EXPECT_STREQ("foobar", s);
EXPECT_EQ(NO_MEMORY, s.append("baz", SIZE_MAX));
EXPECT_STREQ("foobar", s);
}