Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c76698f2 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

VectorImpl.cpp: fix benign multiplication overflow 

j is a ssize_t, which can go negative. If it goes negative,
the resulting multiplication of mItemSize*j doesn't make
any sense. Since the value is never used, just don't perform
the calculation if j < 0.

Bug: 23607865
Change-Id: I14f6f6506645d582f7d67a2e2d60ead3cb18b957
parent f4355868

libutils/VectorImpl.cpp

+4 −1
Original line number Diff line number Diff line
@@ -198,7 +198,10 @@ status_t VectorImpl::sort(VectorImpl::compar_r_t cmp, void* state) 
                    _do_copy(next, curr, 1);

                    next = curr;

                    --j;

                    curr = NULL;

                    if (j >= 0) {

                        curr = reinterpret_cast<char*>(array) + mItemSize*(j);

                    }

                } while (j>=0 && (cmp(curr, temp, state) > 0));



                _do_destroy(next, 1);