Commit graph

83 commits

Author SHA1 Message Date
Tianjie Xu
f4bb9db0a8 Fix out of bound read in libziparchive am: d9fd1863f4 am: 6908996434 am: 25c0d68d29 am: ed33065bfc am: bc8c8e4b56 am: afddaba0cc am: 0b1ad23070 am: d4b4f0a1e1
am: 2aea56db64

Change-Id: Icecc6630e82f43360d55b925a5946ffd0d608f58
2017-04-11 20:11:00 +00:00
Tianjie Xu
bc8c8e4b56 Fix out of bound read in libziparchive am: d9fd1863f4 am: 6908996434 am: 25c0d68d29
am: ed33065bfc

Change-Id: Ia2b0e05ae0e248d692d9ad4ad62e53613203f08e
2017-04-11 19:45:58 +00:00
Adam Lesinski
d987c9dd9e ZipWriter: Keep LFH and CFH in sync
We change the GPB in the LocalFileHeader if the entry can not
have a trailing DataDescriptor. Make sure to patch the
CentralFileHeader to have the same bits set.

Modify ZipArchive to check that the data descriptor bit is consistent
between Central and Local file headers.

(cherry-pick of commit e0eca55fe6)

Test: make ziparchive-tests
Bug: 36686974
Change-Id: Ied167570abcf6426b1c678cd40123e5ad65909db
2017-04-11 01:45:25 +00:00
Tianjie Xu
d9fd1863f4 Fix out of bound read in libziparchive
We should check the boundary of central directory before checking its
signature. Swap the order of these two checks.

Bug: 36392138
Test: libziparchive doesn't read the signature after boundary check fails.
Change-Id: Ie89f709bb2d1ccb647116fb7ccb1e23c943e5ab8
(cherry picked from commit 74464a1361)
2017-04-06 18:07:02 +00:00
Tao Bao
af2a8858c4 Merge "ziparchive: Allow ExtractEntryToFile() to work with block device."
am: 787482ecd9

Change-Id: Icdce4207cb64e084e200b6f7f8ae194831d5c4f0
2016-11-15 22:11:21 +00:00
Tao Bao
a456c21348 ziparchive: Allow ExtractEntryToFile() to work with block device.
FileWriter::Create() calls ftruncate(2) to truncate the destination
file, which doesn't work with FD that references a block device. It
leads to kIoError when calling ExtractEntryToFile() to extract an entry
to block device FD.

As a result, it fails the package_extract_file() command in OTA updates
(e.g. 'package_extract_file("boot.img",
"/dev/block/platform/soc.0/f9824900.sdhci/by-name/boot")').

This CL skips the call to ftruncate(2) if FD references a block device.

Bug: 32903624
Test: ziparchive-tests works.
Test: Build an OTA updater (m updater) and call package_extract_file().

Change-Id: Ia81116f1a8d7cab802396bdc32c6096b4cb56a3c
2016-11-15 10:19:04 -08:00
Mark Salyzyn
8a7297a09f Merge "system/core: preparation to pull back interfaces from android/log.h"
am: 27d2d49f48

Change-Id: I604bb1d4cf62636663fa92e3d14a55887dbcae23
2016-10-20 18:03:57 +00:00
Mark Salyzyn
cfd5b080af system/core: preparation to pull back interfaces from android/log.h
Point to log/log.h where necessary, define LOG_TAG where necessary.
Accept that private/android_logger.h is suitable replacement for
log/logger.h and android/log.h.

Correct liblog/README

Effectively a cleanup and controlled select revert of
'system/core: drop or replace log/logger.h' and
'system/core: Replace log/log.h with android/log.h'.

Test: compile
Bug: 30465923
Change-Id: Ic2ad157bad6f5efe2c6af293a73bb753300b17a2
2016-10-20 08:11:39 -07:00
Tianjie Xu
b2ca85184b Merge "Add functions in recovery/minzip to libziparchive"
am: 4bc51d1ea4

Change-Id: Ica94e8050286bed1c5bc23a33305050ab8da8ec5
2016-10-18 21:57:30 +00:00
Tianjie Xu
18c25920c2 Add functions in recovery/minzip to libziparchive
Add two functions libziparchive that libminzip has. And create
corresponding unit tests.
1. Open a zip archive from a memory mapped region.
2. A new writer that takes a call back function pointer.
(Used by the OTA updater to stream the data.)

Test: Unit tests passed
Bug: 19472796
Change-Id: I2b2daec71174afe221030357e39bff5faea51e72
2016-10-15 23:16:34 -07:00
Tianjie Xu
206150bf78 Fix out of bound access in libziparchive am: 1ee4892e66 am: c24dd97654 am: 8788591224 am: 167562aa76 am: 398adf9b55 am: 680c3f1dc4 am: f0ce69815f
am: 6fb68bb196

Change-Id: Id8f75debfae94d35dbbee9799632cba3f72648d0
2016-10-07 00:30:02 +00:00
Tianjie Xu
6fb68bb196 Fix out of bound access in libziparchive am: 1ee4892e66 am: c24dd97654 am: 8788591224 am: 167562aa76 am: 398adf9b55 am: 680c3f1dc4
am: f0ce69815f

Change-Id: I8e69df083b6d5cd3a7e6bf7113ae836932c2e9f2
2016-10-07 00:26:31 +00:00
Tianjie Xu
167562aa76 Fix out of bound access in libziparchive am: 1ee4892e66 am: c24dd97654
am: 8788591224

Change-Id: I2f0ca98c74f23b1125f29b1eaf810143a83754b4
2016-10-07 00:11:29 +00:00
Mark Salyzyn
ff2dcd9af9 system/core Replace log/log.h with android/log.h
Should use android/log.h instead of log/log.h as a good example
to all others.  Adjust header order to comply with Android Coding
standards.

Test: Compile
Bug: 26552300
Bug: 31289077
Change-Id: I33a8fb4e754d2dc4754d335660c450e0a67190fc
2016-09-30 12:47:05 -07:00
Tianjie Xu
1ee4892e66 Fix out of bound access in libziparchive
The boundary check of an invalid EOCD record may succeed due to the
overflow of uint32_t. Fix the check.

Test: Open the crash.apk and libziparchive reports the offset error as expected.

Bug: 31251826
Change-Id: I1d8092a19b73886a671bc9d291cfc27d65e3d236
(cherry picked from commit ae8180c06d)
2016-09-22 18:24:53 -07:00
Colin Cross
7c6c7f0b9f Fix warnings in libziparchive
system/core/include is included in the global include path using
-isystem, which hides all warnings.  zlib.h is included through
system/core/include/ziparchive/zip_archive.h, which was hiding warnings
in it.  Use a #pragma around the call to deflateInit2, it is a macro
that expands to an old-style cast, in preparation for moving from
-isystem to -I.  Also move the ZipString constructor to zip_archive.cc
so it can assert on the length of the string parameter and fix an
implicit conversion from size_t to uint16_t.

Test: m -j native
Bug: 31492149
Change-Id: I74cdad7fe9c723859b5cfbea73c8f27d9d9ca265
2016-09-20 09:23:47 -07:00
Narayan Kamath
388a65d146 Merge "zip_archive: Improve error message on fallocate failure."
am: 704d818ec1

Change-Id: Ic1ab5e824dcc2b6a78e8ceb29732185ad5da1987
2016-08-16 09:03:04 +00:00
Narayan Kamath
d5d7abe3d1 zip_archive: Improve error message on fallocate failure.
Noticed on b/30765660.

Change-Id: I1a98f83fef02a7368bdc2e1f8f24a0771eebe468
2016-08-10 12:24:05 +01:00
Adam Lesinski
b1911401e0 libziparchive: ensure ReadAtOffset is atomic
ag/880725 modified ReadAtOffset to seek then read from the open
file descriptor. Previously pread64 was used to provide atomic
behaviour.

This causes races when multiple threads are trying to access data from
the file. This is supported, so this change reverts the relevant parts
of the above CL to restore the old behaviour.
Bug:27563413

Change-Id: I7bffd78da8c558745dfc3c072ba9691b1b15bb5b
2016-03-09 17:17:19 -08:00
Yabin Cui
b2a770042e libziparchive: port unit tests to darwin and windows.
Also use ReadFully to replace read, because read can
return reading bytes less than requested. And use
WriteFully to replace write.

Bug: 26962895
Change-Id: Iff0b2bc6d925619a537f7fef682c2a7ad89a2dc2
(cherry picked from commit 8e6f722764)
2016-03-07 11:21:24 -08:00
Yabin Cui
8e6f722764 libziparchive: port unit tests to darwin and windows.
Also use ReadFully to replace read, because read can
return reading bytes less than requested. And use
WriteFully to replace write.

Bug: 26962895
Change-Id: Iff0b2bc6d925619a537f7fef682c2a7ad89a2dc2
2016-02-08 16:52:55 -08:00
Christopher Ferris
e6884ce56f Add a ZipArchiveStreamEntry class.
This allows someone to stream the data out of a zip archive
instead of extracting to a file or to memory.

Included in this change is a small cleanup of the makefile.

Change-Id: I8b679a679c3502ff4ea0bc4f9e918303657fa424
2016-01-14 12:30:20 -08:00
Elliott Hughes
4f71319df0 Track rename of base/ to android-base/.
Change-Id: Idf9444fece4aa89c93e15640de59a91f6e758ccf
2015-12-04 22:00:26 -08:00
beonit
0e99a2f79a libziparchive: fix calculation of mod_time.
Take mod_date into account as well, and fixes the issue where
all entries had creation dates in 1979.

Signed-off-by: beonit <beonit@gmail.com>
Change-Id: Id101794fa08218d15f2d1ba4e4a313c1807ea7aa
2015-10-30 10:01:38 +00:00
Adam Lesinski
ad4ad8cfc8 Implement ZipWriter for quickly writing ZipFiles.
The ZipWriter implementation exposes a stateful interface that allows
bytes of data to be streamed in as they arrive. ZipEntries can be
compressed and/or aligned on a 32-bit boundary for mmapping at runtime.

Change-Id: I43ac9e661aa5022f00d9e12b247c4314d61c441c
2015-10-15 16:27:44 -07:00
Yusuke Sato
07447544ad Rename ZipEntryName to ZipString
since the struct is now used for other purposes. Also add some
comparator functions to the struct to simplify zip_archive.cc.

This is a follow-up CL for f1d3d3b247.

Bug: 21957428
Change-Id: I60d4171eeacc561d59226d946e9eb5f9c96d80cf
2015-06-26 10:34:01 -07:00
Yusuke Sato
f1d3d3b247 Add |optional_suffix| to StartIteration()
so that PackageManagerService can iterate over files with a
specific file extension like ".so".

(cherry picked from commit a4a80693d9)

Bug: 21957428
Change-Id: I36ba3c33a8b366a65f67cb6d156067c5caca1151
2015-06-25 14:10:05 -07:00
Yusuke Sato
a4a80693d9 Add |optional_suffix| to StartIteration()
so that PackageManagerService can iterate over files with a
specific file extension like ".so".

Bug: 21957428
Change-Id: I76ed9560d4d1e00d297a97d518ec357166be1981
2015-06-23 17:31:16 -07:00
Elliott Hughes
e49236b3da Fix whitespace in debug logging.
Change-Id: I949317deaf782fea18b5c38b22dfd41811608276
2015-06-04 15:21:59 -07:00
Badhri Jagan Sridharan
71aebefe49 libziparchive: fix fallocate failures
The objective of fallocate call seems to be to
make sure that we have enough enough space left
in the disk to house the uncompressed file.
But, fallocate is only supported in the following
file systems:
btrfs, ext4, ocfs2, and xfs

Return error only when fallocate fails due to
lack of space. The immediate ftruncate call is
going to take of the majority of other errors.

Bug: http://b/21558406
Bug: 21561449
Change-Id: I7083f3c7e5d745bd6e8a190ac9020297d638d9d4
(cherry picked from commit a68d0d1fe4)
2015-06-04 13:26:29 -07:00
Narayan Kamath
67ab5d9505 Use base::WriteFully in zip_archive.
We're already linking against libbase but we'll have to add
a libbase dependency to every target that includes libziparchive
as a STATIC_LIBRARY dependency, given that there's no way to
express that what we want (except by adding a LOCAL_WHOLE_STATIC_LIBRARY
dependency on libbase to libziparchive but that seems bad too)

Bug: http://b/21558406
Change-Id: I294ad389a9c61a1134a7bc323da25b0004a8f1e0
(cherry picked from commit e97e66ea7c)
2015-06-04 13:26:22 -07:00
Greg Hackmann
4ba18cf3ff libziparchive: fix clang build
Bug: http://b/21558406
Change-Id: I69105a9cde05b182f65c7e574282bb4b48b66e95
Signed-off-by: Greg Hackmann <ghackmann@google.com>
(cherry picked from commit d6eac24aac)
2015-06-04 13:26:12 -07:00
Narayan Kamath
785a128aec Avoid mapping output to memory while writing to a file.
It's unnecessary, and causes issues when the uncompressed
output is large.

Bug: http://b/21558406
Change-Id: I99cfb3933b094c2826c7e6c6de9aab03478fcc53
(cherry picked from commit f899bd534b)
2015-06-04 13:25:52 -07:00
Badhri Jagan Sridharan
a68d0d1fe4 libziparchive: fix fallocate failures
The objective of fallocate call seems to be to
make sure that we have enough enough space left
in the disk to house the uncompressed file.
But, fallocate is only supported in the following
file systems:
btrfs, ext4, ocfs2, and xfs

Return error only when fallocate fails due to
lack of space. The immediate ftruncate call is
going to take of the majority of other errors.

Bug: 21561449
Change-Id: I7083f3c7e5d745bd6e8a190ac9020297d638d9d4
2015-06-03 11:02:26 -07:00
Narayan Kamath
e97e66ea7c Use base::WriteFully in zip_archive.
We're already linking against libbase but we'll have to add
a libbase dependency to every target that includes libziparchive
as a STATIC_LIBRARY dependency, given that there's no way to
express that what we want (except by adding a LOCAL_WHOLE_STATIC_LIBRARY
dependency on libbase to libziparchive but that seems bad too)

Change-Id: I294ad389a9c61a1134a7bc323da25b0004a8f1e0
2015-04-29 14:31:45 +00:00
Greg Hackmann
d6eac24aac libziparchive: fix clang build
Change-Id: I69105a9cde05b182f65c7e574282bb4b48b66e95
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2015-04-27 10:14:32 -07:00
Narayan Kamath
f899bd534b Avoid mapping output to memory while writing to a file.
It's unnecessary, and causes issues when the uncompressed
output is large.

Change-Id: I99cfb3933b094c2826c7e6c6de9aab03478fcc53
2015-04-27 13:34:18 +01:00
Łukasz Szymczyk
e1d5a6aa5c Reserve space on disk using fallocate
There were crashes when android failed to extract
zip archives due to out of free space on disk, with stacks like:

  #00 pc 00000000000156b0 /system/lib64/libc.so (memcpy+176)
  #01 pc 000000000002e5b8 /system/lib64/libandroidfw.so
  #02 pc 000000000002f488 /system/lib64/libandroidfw.so (ExtractToMemory+328)
  #03 pc 000000000002f5c8 /system/lib64/libandroidfw.so (ExtractEntryToFile+268)
  #04 pc 00000000000287d8 /system/lib64/libandroidfw.so (android::ZipFileRO::\
  uncompressEntry(void*, int) const+12)

Space for the file is now allocated using fallocate rather than
ftruncate, since ftruncate dont actually reserve space on disk. When writes
to the mmaped pointer fails to be realized due to out of space SIGBUS
is the result. With this change we make sure that there is space available
before mmaping the pointer.

Change-Id: Ic5e8c33dbe729edb57919dacff73811b34cc2dc2
2015-04-20 09:49:26 +00:00
Dan Albert
1ae0764e01 Prevent unaligned read in libziparchive.
Change-Id: I4afc3729a1b2c06a6621cb8c9742fc94b5a665f5
2015-04-09 17:00:14 -07:00
Greg Hackmann
503cd6d437 libziparchive: fix extraction of >2GiB images
Bug: 19888174

Change-Id: I33a577909ced522d46223e2182e0bb18c291af27
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2015-03-23 14:30:40 -07:00
Mykola Kondratenko
50afc159b3 libziparchive: fix issue with a directory with one file
libziparchive fails to iterate some bootanimation archives
reporting invalid offset error. This is caused by failure
to process a directory with one file
(when name_offset + file_name_length == cd_offset).

Change-Id: I2733e7f782c14a6fadd5491bb94318ac968df206
2015-03-19 09:28:41 +00:00
Dmitriy Ivanov
edbabfe9fe Allocate buffers on the heap
Change-Id: I96c8a50e8987e8ea77d0766ccf3c619f60377864
2015-03-12 14:47:52 -07:00
Dmitriy Ivanov
1f741e51bc Remove some more gotos
Change-Id: I9c4b3a5aecf4011653933b051e67605a6feb123f
2015-03-06 14:26:37 -08:00
Dmitriy Ivanov
f94e159007 Reapply -Wold-style-cast
Added pragmas to disable checks for the method
 using libz.h macros.

Change-Id: I25aa1adf09f3ecff61d8fea6306b24b37990ab46
2015-03-06 13:57:43 -08:00
Dmitriy Ivanov
3ea93da3c2 Remove some gotos
Change-Id: I0e162c8e0a700940f4302786b8523e5b2f5e5c27
2015-03-06 12:45:03 -08:00
Dmitriy Ivanov
f4cb8e2ac2 Cleanup old-style-cast warnings
Change-Id: I6e17fd993557cbf78ade787f112794358aee39c8
2015-03-06 10:50:56 -08:00
Dmitriy Ivanov
4b67f8339d Remove unnecessary allocation of FileMaps
Change-Id: I97bb72b9edeee5b3eff4ffd21a761a1af472a3b5
2015-03-06 10:22:34 -08:00
Narayan Kamath
6832a7a4e0 Remove useless refCounting from FileMap.
Nobody ever called acquire() so release() was always
equivalent to delete. Just use delete instead so that
people can use unique_ptr directly (or shared_ptr if
they really want refcounts).

Change-Id: I9e3ad5e0f6a4fcc4e02e5a2ff7ef9514fe234415
2015-02-23 15:49:43 +00:00
Dmitriy Ivanov
40b52b2c88 Add close_file flag to OpenArchiveFd()
* We should be able to keep fd alive after CloseArchive()

Change-Id: I1aa2c039bb2a590ae72f256acc9ba5401c2c59b1
2015-01-30 17:57:13 -08:00
Narayan Kamath
044bc8ee89 Reject zip archives whose entry names are not valid UTF-8.
bug: 18584205
Change-Id: Iaf3e8211dab6a1e3923f7fee6ea7fc693972dba3
2014-12-08 12:25:05 +00:00