Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 65a8f07e authored by Casey Dahlin's avatar Casey Dahlin
Browse files

Fix integer overflow in unsafeReadTypedVector 

Passing a size to std::vector that is too big causes it to silently
under-allocate when exceptions are disabled, leaving us open to an OOB
write. We check the bounds and the resulting size now to verify
allocation succeeds.

Test: Verified reproducer attached to bug no longer crashes Camera
      service.
Bug: 31677614

Change-Id: I064b1442838032d93658f8bf63b7aa6d021c99b7
parent 82110471
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment