Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c76698f2 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

VectorImpl.cpp: fix benign multiplication overflow

j is a ssize_t, which can go negative. If it goes negative,
the resulting multiplication of mItemSize*j doesn't make
any sense. Since the value is never used, just don't perform
the calculation if j < 0.

Bug: 23607865
Change-Id: I14f6f6506645d582f7d67a2e2d60ead3cb18b957
parent f4355868
Loading
Loading
Loading
Loading
+4 −1
Original line number Diff line number Diff line
@@ -198,7 +198,10 @@ status_t VectorImpl::sort(VectorImpl::compar_r_t cmp, void* state)
                    _do_copy(next, curr, 1);
                    next = curr;
                    --j;
                    curr = NULL;
                    if (j >= 0) {
                        curr = reinterpret_cast<char*>(array) + mItemSize*(j);
                    }
                } while (j>=0 && (cmp(curr, temp, state) > 0));

                _do_destroy(next, 1);