tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Fix an error when overflows occur." am: 483364a7ec

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1446118

Change-Id: If9b85c1c1a316b18af92b23fca2ffd0c14f7eb6a
This commit is contained in:
Christopher Ferris 2020-10-02 08:03:23 +00:00 committed by Automerger Merge Worker
commit fd43e423b7
1 changed files with 21 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
libunwindstack/tests/fuzz/UnwinderComponentCreator.cpp
View file

@ -116,8 +116,12 @@ ElfFake* PopulateElfFake(FuzzedDataProvider* data_provider) {
static constexpr size_t kPageSize = 4096;
static constexpr uint64_t AlignToPage(uint64_t address) {
return (address + kPageSize - 1) & ~(kPageSize - 1);
static inline bool AlignToPage(uint64_t address, uint64_t* aligned_address) {
if (__builtin_add_overflow(address, kPageSize - 1, aligned_address)) {
return false;
}
*aligned_address &= ~(kPageSize - 1);
return true;
}
std::unique_ptr<Maps> GetMaps(FuzzedDataProvider* data_provider) {
@ -125,8 +129,16 @@ std::unique_ptr<Maps> GetMaps(FuzzedDataProvider* data_provider) {
std::map<uint64_t, uint64_t> map_ends;
uint8_t entry_count = data_provider->ConsumeIntegralInRange<uint8_t>(0, kMaxMapEntryCount);
for (uint8_t i = 0; i < entry_count; i++) {
uint64_t start = AlignToPage(data_provider->ConsumeIntegral<uint64_t>());
uint64_t end = AlignToPage(data_provider->ConsumeIntegralInRange<uint64_t>(start, UINT64_MAX));
uint64_t start;
if (!AlignToPage(data_provider->ConsumeIntegral<uint64_t>(), &start)) {
// Overflowed.
continue;
}
uint64_t end;
if (!AlignToPage(data_provider->ConsumeIntegralInRange<uint64_t>(start, UINT64_MAX), &end)) {
// Overflowed.
continue;
}
if (start == end) {
// It's impossible to see start == end in the real world, so
// make sure the map contains at least one page of data.
@ -142,7 +154,11 @@ std::unique_ptr<Maps> GetMaps(FuzzedDataProvider* data_provider) {
}
map_ends[end] = start;
uint64_t offset = AlignToPage(data_provider->ConsumeIntegral<uint64_t>());
uint64_t offset;
if (!AlignToPage(data_provider->ConsumeIntegral<uint64_t>(), &offset)) {
// Overflowed.
continue;
}
std::string map_info_name = data_provider->ConsumeRandomLengthString(kMaxMapInfoNameLen);
uint8_t flags = PROT_READ | PROT_WRITE;