Handle malformed manifests in printXMLBlock (9b754a1b) · Commits · e / os / android_frameworks_base

tools/aapt/XMLNode.cpp

+22 −14

Original line number	Original line	Diff line number	Diff line
	@@ -520,7 +520,12 @@ void printXMLBlock(ResXMLTree* block)
	printf("\n");		printf("\n");
	}		}
	} else if (code == ResXMLTree::END_TAG) {		} else if (code == ResXMLTree::END_TAG) {
	depth--;		// Invalid tag nesting can be misused to break the parsing
			// code below. Break if detected.
			if (--depth < 0) {
			printf("***BAD DEPTH in XMLBlock: %d\n", depth);
			break;
			}
	} else if (code == ResXMLTree::START_NAMESPACE) {		} else if (code == ResXMLTree::START_NAMESPACE) {
	namespace_entry ns;		namespace_entry ns;
	size_t len;		size_t len;
	@@ -536,7 +541,10 @@ void printXMLBlock(ResXMLTree* block)
	ns.uri.string());		ns.uri.string());
	depth++;		depth++;
	} else if (code == ResXMLTree::END_NAMESPACE) {		} else if (code == ResXMLTree::END_NAMESPACE) {
	depth--;		if (--depth < 0) {
			printf("***BAD DEPTH in XMLBlock: %d\n", depth);
			break;
			}
	const namespace_entry& ns = namespaces.top();		const namespace_entry& ns = namespaces.top();
	size_t len;		size_t len;
	const char16_t* prefix16 = block->getNamespacePrefix(&len);		const char16_t* prefix16 = block->getNamespacePrefix(&len);