From 4d14303653247da3922242796ab6d63123fbd004 Mon Sep 17 00:00:00 2001
From: Christopher Ferris <cferris@google.com>
Date: Tue, 26 May 2020 10:33:18 -0700
Subject: [PATCH] Fail explicitly on length overflow.

Instead of aborting when FileMap::create detects an overflow, detect the
overflow directly and fail the call.

Bug: 156997193

Test: Ran unit tests, including new unit test that aborted before.
Change-Id: Ie49975b8949fd12bbde14346ec9bbb774ef88a51
Merged-In: Ie49975b8949fd12bbde14346ec9bbb774ef88a51
(cherry picked from commit 68604b9c29b5bd11e2e2dbb848d6b364bf627d21)
---
 libutils/FileMap.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libutils/FileMap.cpp b/libutils/FileMap.cpp
index 1afa1ecae..b9f411ef2 100644
--- a/libutils/FileMap.cpp
+++ b/libutils/FileMap.cpp
@@ -182,6 +182,10 @@ bool FileMap::create(const char* origFileName, int fd, off64_t offset, size_t le
     adjust = offset % mPageSize;
     adjOffset = offset - adjust;
     adjLength = length + adjust;
+    if (__builtin_add_overflow(length, adjust, &adjLength)) {
+        ALOGE("adjusted length overflow: length %zu adjust %d", length, adjust);
+        return false;
+    }
 
     flags = MAP_SHARED;
     prot = PROT_READ;