Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit eb6de6f5 authored by Fyodor Kupolov's avatar Fyodor Kupolov
Browse files

Throw exception if slot has invalid offset 

Previously the process would crash, which is OK, but complicates testing.

Test: cts-tradefed run cts --module CtsContentTestCases
      --test android.content.cts.ContentProviderCursorWindowTest
Bug: 34128677

Change-Id: I5b50982d77ec65c442fbb973d14c85a5c29c43c7
parent fbe85538

core/jni/android_database_CursorWindow.cpp

+8 −0
Original line number Diff line number Diff line
@@ -205,6 +205,10 @@ static jbyteArray nativeGetBlob(JNIEnv* env, jclass clazz, jlong windowPtr, 
    if (type == CursorWindow::FIELD_TYPE_BLOB || type == CursorWindow::FIELD_TYPE_STRING) {

        size_t size;

        const void* value = window->getFieldSlotValueBlob(fieldSlot, &size);

        if (!value) {

            throw_sqlite3_exception(env, "Native could not read blob slot");

            return NULL;

        }

        jbyteArray byteArray = env->NewByteArray(size);

        if (!byteArray) {

            env->ExceptionClear();
@@ -240,6 +244,10 @@ static jstring nativeGetString(JNIEnv* env, jclass clazz, jlong windowPtr, 
    if (type == CursorWindow::FIELD_TYPE_STRING) {

        size_t sizeIncludingNull;

        const char* value = window->getFieldSlotValueString(fieldSlot, &sizeIncludingNull);

        if (!value) {

            throw_sqlite3_exception(env, "Native could not read string slot");

            return NULL;

        }

        if (sizeIncludingNull <= 1) {

            return gEmptyString;

        }