diff options
| author | Shawn Willden <swillden@google.com> | 2021-06-30 16:26:58 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-06-30 16:26:58 +0000 |
| commit | 3edbac816828a0beb129ba18a3eee3c4625d7fc1 (patch) | |
| tree | b9b027af6f181031574ee05829b5fba078b01f2b | |
| parent | c353e8424c67c19df81f8cdff1d9c431db66a504 (diff) | |
| parent | 4907264bdcc3da0477bb5648e55c07705e2793ba (diff) | |
| download | libcppbor-android12-mainline-networkstack-release.tar.gz | |
Check for integer overflow in cppbor::parseRecursively. am: 4907264bdcandroid-mainline-12.0.0_r99android-mainline-12.0.0_r96android-mainline-12.0.0_r95android-mainline-12.0.0_r94android-mainline-12.0.0_r93android-mainline-12.0.0_r84android-mainline-12.0.0_r83android-mainline-12.0.0_r82android-mainline-12.0.0_r81android-mainline-12.0.0_r80android-mainline-12.0.0_r8android-mainline-12.0.0_r79android-mainline-12.0.0_r77android-mainline-12.0.0_r70android-mainline-12.0.0_r67android-mainline-12.0.0_r66android-mainline-12.0.0_r65android-mainline-12.0.0_r64android-mainline-12.0.0_r63android-mainline-12.0.0_r6android-mainline-12.0.0_r59android-mainline-12.0.0_r58android-mainline-12.0.0_r57android-mainline-12.0.0_r53android-mainline-12.0.0_r52android-mainline-12.0.0_r51android-mainline-12.0.0_r49android-mainline-12.0.0_r40android-mainline-12.0.0_r38android-mainline-12.0.0_r37android-mainline-12.0.0_r35android-mainline-12.0.0_r34android-mainline-12.0.0_r32android-mainline-12.0.0_r25android-mainline-12.0.0_r23android-mainline-12.0.0_r20android-mainline-12.0.0_r18android-mainline-12.0.0_r17android-mainline-12.0.0_r16android-mainline-12.0.0_r15android-mainline-12.0.0_r14android-mainline-12.0.0_r126android-mainline-12.0.0_r125android-mainline-12.0.0_r124android-mainline-12.0.0_r123android-mainline-12.0.0_r122android-mainline-12.0.0_r114android-mainline-12.0.0_r110android-mainline-12.0.0_r109android-mainline-12.0.0_r108android-mainline-12.0.0_r107android-mainline-12.0.0_r100aml_wif_311811030aml_tet_311811050aml_sdk_311710000aml_pco_311011000android12-mainline-wifi-releaseandroid12-mainline-tethering-releaseandroid12-mainline-statsd-releaseandroid12-mainline-sdkext-releaseandroid12-mainline-resolv-releaseandroid12-mainline-permission-releaseandroid12-mainline-networkstack-releaseandroid12-mainline-conscrypt-releaseandroid12-mainline-captiveportallogin-release
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/libcppbor/+/15110385
Change-Id: I40584ef5b4c4a31774eb4e094361dd9747edc98a
| -rw-r--r-- | src/cppbor_parse.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/cppbor_parse.cpp b/src/cppbor_parse.cpp index f5e8fcf..964a72d 100644 --- a/src/cppbor_parse.cpp +++ b/src/cppbor_parse.cpp @@ -96,7 +96,8 @@ std::tuple<const uint8_t*, ParseClient*> handleString(uint64_t length, const uin const uint8_t* valueBegin, const uint8_t* end, const std::string& errLabel, ParseClient* parseClient) { - if (end - valueBegin < static_cast<ssize_t>(length)) { + ssize_t signed_length = static_cast<ssize_t>(length); + if (end - valueBegin < signed_length || signed_length < 0) { parseClient->error(hdrBegin, insufficientLengthString(length, end - valueBegin, errLabel)); return {hdrBegin, nullptr /* end parsing */}; } |