Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 41cf35f8 authored Apr 24, 2018 by Tao Bao

fastboot: sparse_file_len() returns int64_t.

Check that the value fits in uint32_t that's supported by the current
protocol.

Also fix and sanity check the max_size before passing it to
sparse_file_resparse(), which accepts `unsigned int`. This shouldn't
happen in practice because of RESPARSE_LIMIT (1 GiB).

Test: `fastboot flash` with small and large images.
Change-Id: I0a8279fc14c54c40a70ddce65c3b25173c0d0a40

parent a3721db3

fastboot/fastboot.cpp

+5 −1

Original line number	Diff line number	Diff line
		@@ -693,10 +693,14 @@ static void queue_info_dump() {
		fb_queue_notice("--------------------------------------------");
		}

		static struct sparse_file** load_sparse_files(int fd, int max_size) {
		static struct sparse_file** load_sparse_files(int fd, int64_t max_size) {
		struct sparse_file* s = sparse_file_import_auto(fd, false, true);
		if (!s) die("cannot sparse read file");

		if (max_size <= 0 \|\| max_size > std::numeric_limits<uint32_t>::max()) {
		die("invalid max size %" PRId64, max_size);
		}

		int files = sparse_file_resparse(s, max_size, nullptr, 0);
		if (files < 0) die("Failed to resparse");

fastboot/protocol.cpp

+3 −3

Original line number	Diff line number	Diff line
		@@ -344,12 +344,12 @@ static int fb_download_data_sparse_flush(Transport* transport) {
		}

		int fb_download_data_sparse(Transport* transport, struct sparse_file* s) {
		int size = sparse_file_len(s, true, false);
		if (size <= 0) {
		int64_t size = sparse_file_len(s, true, false);
		if (size <= 0 \|\| size > std::numeric_limits<uint32_t>::max()) {
		return -1;
		}

		std::string cmd(android::base::StringPrintf("download:%08x", size));
		std::string cmd(android::base::StringPrintf("download:%08" PRIx64, size));
		int r = _command_start(transport, cmd, size, 0);
		if (r < 0) {
		return -1;