Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d0648d8d authored by Steven Moreland's avatar Steven Moreland
Browse files

String16: remove integer overflows 

Bug: 73826242
Test: manual
Change-Id: I32e13d61b944c1a527cf2d95473552d246e322be
Merged-In: I32e13d61b944c1a527cf2d95473552d246e322be
parent 29d05404

libutils/String16.cpp

+36 −30
Original line number Diff line number Diff line
@@ -83,6 +83,23 @@ static char16_t* allocFromUTF8(const char* u8str, size_t u8len) 
    return getEmptyString();

}



static char16_t* allocFromUTF16(const char16_t* u16str, size_t u16len) {

    if (u16len >= SIZE_MAX / sizeof(char16_t)) {

        android_errorWriteLog(0x534e4554, "73826242");

        abort();

    }



    SharedBuffer* buf = SharedBuffer::alloc((u16len + 1) * sizeof(char16_t));

    ALOG_ASSERT(buf, "Unable to allocate shared buffer");

    if (buf) {

        char16_t* str = (char16_t*)buf->data();

        memcpy(str, u16str, u16len * sizeof(char16_t));

        str[u16len] = 0;

        return str;

    }

    return getEmptyString();

}



// ---------------------------------------------------------------------------



String16::String16()
@@ -115,35 +132,9 @@ String16::String16(const String16& o, size_t len, size_t begin) 
    setTo(o, len, begin);

}



String16::String16(const char16_t* o)

{

    size_t len = strlen16(o);

    SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t));

    ALOG_ASSERT(buf, "Unable to allocate shared buffer");

    if (buf) {

        char16_t* str = (char16_t*)buf->data();

        strcpy16(str, o);

        mString = str;

        return;

    }

    

    mString = getEmptyString();

}



String16::String16(const char16_t* o, size_t len)

{

    SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t));

    ALOG_ASSERT(buf, "Unable to allocate shared buffer");

    if (buf) {

        char16_t* str = (char16_t*)buf->data();

        memcpy(str, o, len*sizeof(char16_t));

        str[len] = 0;

        mString = str;

        return;

    }

String16::String16(const char16_t* o) : mString(allocFromUTF16(o, strlen16(o))) {}



    mString = getEmptyString();

}

String16::String16(const char16_t* o, size_t len) : mString(allocFromUTF16(o, len)) {}



String16::String16(const String8& o)

    : mString(allocFromUTF8(o.string(), o.size()))
@@ -200,6 +191,11 @@ status_t String16::setTo(const char16_t* other) 


status_t String16::setTo(const char16_t* other, size_t len)

{

    if (len >= SIZE_MAX / sizeof(char16_t)) {

        android_errorWriteLog(0x534e4554, "73826242");

        abort();

    }



    SharedBuffer* buf = SharedBuffer::bufferFromData(mString)

        ->editResize((len+1)*sizeof(char16_t));

    if (buf) {
@@ -223,6 +219,11 @@ status_t String16::append(const String16& other) 
        return NO_ERROR;

    }



    if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {

        android_errorWriteLog(0x534e4554, "73826242");

        abort();

    }



    SharedBuffer* buf = SharedBuffer::bufferFromData(mString)

        ->editResize((myLen+otherLen+1)*sizeof(char16_t));

    if (buf) {
@@ -244,6 +245,11 @@ status_t String16::append(const char16_t* chrs, size_t otherLen) 
        return NO_ERROR;

    }



    if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {

        android_errorWriteLog(0x534e4554, "73826242");

        abort();

    }



    SharedBuffer* buf = SharedBuffer::bufferFromData(mString)

        ->editResize((myLen+otherLen+1)*sizeof(char16_t));

    if (buf) {