Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9b39ebe1 authored by Sergio Giro's avatar Sergio Giro
Browse files

Add bound checks to utf16_to_utf8 

Bug: 29250543
Change-Id: I518e7b2fe10aaa3f1c1987586a09b1110aff7e1a
(cherry picked from commit 7e93b2dd)
parent 20e2095c

libs/binder/Parcel.cpp

+6 −5
Original line number Diff line number Diff line
@@ -1795,15 +1795,16 @@ status_t Parcel::readUtf8FromUtf16(std::string* str) const { 
       return NO_ERROR;

    }



    ssize_t utf8Size = utf16_to_utf8_length(src, utf16Size);

    if (utf8Size < 0) {

    // Allow for closing '\0'

    ssize_t utf8Size = utf16_to_utf8_length(src, utf16Size) + 1;

    if (utf8Size < 1) {

        return BAD_VALUE;

    }

    // Note that while it is probably safe to assume string::resize keeps a

    // spare byte around for the trailing null, we're going to be explicit.

    str->resize(utf8Size + 1);

    utf16_to_utf8(src, utf16Size, &((*str)[0]));

    // spare byte around for the trailing null, we still pass the size including the trailing null

    str->resize(utf8Size);

    utf16_to_utf8(src, utf16Size, &((*str)[0]), utf8Size);

    str->resize(utf8Size - 1);

    return NO_ERROR;

}