Commit c591f88f authored by Keun Soo Yim

add checks to avoid potential buffer overflows and prevent exceptions

number_platform_modes variable is from another module (e.g.,
eModule->get_number_of_platform_modes(mModule)) and thus can be
a big number. If a big number is used as the size of new operation,
it can cause an exception as is.

Test: mma
Change-Id: I6cf6027804be980ad39c80a1571b284efabce7e8
parent 15336c44
+8 −2
@@ -78,7 +78,9 @@ Return<void> Power::getPlatformLowPowerStats(getPlatformLowPowerStats_cb _hidl_c
    number_platform_modes = mModule->get_number_of_platform_modes(mModule);
    if (number_platform_modes > 0)
    {
       voters = new size_t [number_platform_modes];
       if (SIZE_MAX / sizeof(size_t) <= number_platform_modes)  // overflow
           goto done;
       voters = new (std::nothrow) size_t [number_platform_modes];
       if (voters == nullptr)
           goto done;

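Review bot: the guard ahead of `new (std::nothrow) size_t [number_platform_modes]` only rejects counts whose byte size would wrap `size_t`, so any smaller value returned by `get_number_of_platform_modes(mModule)` is still trusted as an allocation size and the call then depends on `voters == nullptr` to fail safely. Since the commit message treats the count as coming from another module, consider also comparing it against a documented upper bound for platform modes before allocating. Both new exits reach `done` silently; a log line stating the rejected count would make a misbehaving module diagnosable. The comparison also follows a `number_platform_modes > 0` test, which suggests a signed variable, so an explicit cast to `size_t` in the guard would make the mixed comparison intentional, and the `// overflow` comment could say which multiplication it protects.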
@@ -86,7 +88,11 @@ Return<void> Power::getPlatformLowPowerStats(getPlatformLowPowerStats_cb _hidl_c
       if (ret != 0)
           goto done;

       legacy_states = new power_state_platform_sleep_state_t [number_platform_modes];
       if (SIZE_MAX / sizeof(power_state_platform_sleep_state_t)
           <= number_platform_modes)  // overflow
           goto done;
       legacy_states = new (std::nothrow)
           power_state_platform_sleep_state_t [number_platform_modes];
       if (legacy_states == nullptr)
           goto done;