Check for overflow in String8::real_append. (59682761) · Commits · e / os / android_system_core

libutils/String8.cpp

+14 −12

Original line number	Diff line number	Diff line
		@@ -327,13 +327,17 @@ status_t String8::appendFormatV(const char* fmt, va_list args)
		return result;
		}

		status_t String8::real_append(const char* other, size_t otherLen)
		{
		status_t String8::real_append(const char* other, size_t otherLen) {
		const size_t myLen = bytes();

		SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
		->editResize(myLen+otherLen+1);
		if (buf) {
		SharedBuffer* buf;
		size_t newLen;
		if (__builtin_add_overflow(myLen, otherLen, &newLen) \|\|
		__builtin_add_overflow(newLen, 1, &newLen) \|\|
		(buf = SharedBuffer::bufferFromData(mString)->editResize(newLen)) == nullptr) {
		return NO_MEMORY;
		}

		char* str = (char*)buf->data();
		mString = str;
		str += myLen;
		@@ -341,8 +345,6 @@ status_t String8::real_append(const char* other, size_t otherLen)
		str[otherLen] = '\0';
		return OK;
		}
		return NO_MEMORY;
		}

		char* String8::lockBuffer(size_t size)
		{

+13 −1

Original line number	Diff line number	Diff line
		@@ -15,13 +15,14 @@
		*/

		#define LOG_TAG "String8_test"

		#include <utils/Log.h>
		#include <utils/String8.h>
		#include <utils/String16.h>

		#include <gtest/gtest.h>

		namespace android {
		using namespace android;

		class String8Test : public testing::Test {
		protected:
		@@ -101,4 +102,15 @@ TEST_F(String8Test, ValidUtf16Conversion) {
		String8 valid = String8(String16(tmp));
		EXPECT_STREQ(valid, "abcdef");
		}

		TEST_F(String8Test, append) {
		String8 s;
		EXPECT_EQ(OK, s.append("foo"));
		EXPECT_STREQ("foo", s);
		EXPECT_EQ(OK, s.append("bar"));
		EXPECT_STREQ("foobar", s);
		EXPECT_EQ(OK, s.append("baz", 0));
		EXPECT_STREQ("foobar", s);
		EXPECT_EQ(NO_MEMORY, s.append("baz", SIZE_MAX));
		EXPECT_STREQ("foobar", s);
		}