Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 53158e51 authored by xunchang's avatar xunchang
Browse files

Fix potential size overflow in blockimg.cpp 

Switch to 64 bit integers since the size of the entire src/tgt images may
not fit in size_t of ILP32.

There are other theoretical overflow cases in memory allocation and I/O
functions. However, they reside within a single transfer command and are
less likely to happen. I will evaluate and address them in separate
cls.

Test: unit tests pass
Bug: 122461124
Change-Id: Ib719ee695920877458fcfaa25c6ac058a5bbabf2
parent 27aa9404

updater/blockimg.cpp

+5 −3
Original line number Diff line number Diff line
@@ -1525,7 +1525,7 @@ static int PerformCommandComputeHashTree(CommandParameters& params) { 


  // Starts the hash_tree computation.

  HashTreeBuilder builder(BLOCKSIZE, hash_function);

  if (!builder.Initialize(source_ranges.blocks() * BLOCKSIZE, salt)) {

  if (!builder.Initialize(static_cast<int64_t>(source_ranges.blocks()) * BLOCKSIZE, salt)) {

    LOG(ERROR) << "Failed to initialize hash tree computation, source " << source_ranges.ToString()

               << ", salt " << salt_hex;

    return -1;
@@ -1915,8 +1915,10 @@ pbiudone: 


      const char* partition = strrchr(blockdev_filename->data.c_str(), '/');

      if (partition != nullptr && *(partition + 1) != 0) {

        fprintf(cmd_pipe, "log bytes_written_%s: %zu\n", partition + 1, params.written * BLOCKSIZE);

        fprintf(cmd_pipe, "log bytes_stashed_%s: %zu\n", partition + 1, params.stashed * BLOCKSIZE);

        fprintf(cmd_pipe, "log bytes_written_%s: %" PRIu64 "\n", partition + 1,

                static_cast<uint64_t>(params.written) * BLOCKSIZE);

        fprintf(cmd_pipe, "log bytes_stashed_%s: %" PRIu64 "\n", partition + 1,

                static_cast<uint64_t>(params.stashed) * BLOCKSIZE);

        fflush(cmd_pipe);

      }

      // Delete stash only after successfully completing the update, as it may contain blocks needed