
Commit 8fa8f0b1 authored by Tianjie Xu's avatar Tianjie Xu

Fix potential OOM in update_verifier

Limit the size of each read to 1024 * BLOCKSIZE. (Same as the I/O limit
of each transfer command for block based OTA).

Bug: 37729708
Test: U_V sets slot successfully on sailfish, and it takes about ~20s
(no noticeable time increase)
Change-Id: I7a6cdc744fe4c0760e09e0afed75b89c16d8eac3
parent c99bb239
+11 −6
@@ -44,6 +44,7 @@
#include <string.h>
#include <unistd.h>

#include <algorithm>
#include <string>
#include <vector>

@@ -142,18 +143,22 @@ static bool read_blocks(const std::string& partition, const std::string& range_s
      return false;
    }

    static constexpr int BLOCKSIZE = 4096;
    static constexpr size_t BLOCKSIZE = 4096;
    if (lseek64(fd.get(), static_cast<off64_t>(range_start) * BLOCKSIZE, SEEK_SET) == -1) {
      PLOG(ERROR) << "lseek to " << range_start << " failed";
      return false;
    }

    size_t size = (range_end - range_start) * BLOCKSIZE;
    std::vector<uint8_t> buf(size);
    if (!android::base::ReadFully(fd.get(), buf.data(), size)) {
    size_t remain = (range_end - range_start) * BLOCKSIZE;
    while (remain > 0) {
      size_t to_read = std::min(remain, 1024 * BLOCKSIZE);
      std::vector<uint8_t> buf(to_read);
      if (!android::base::ReadFully(fd.get(), buf.data(), to_read)) {
        PLOG(ERROR) << "Failed to read blocks " << range_start << " to " << range_end;
        return false;
      }
      remain -= to_read;
    }
    blk_count += (range_end - range_start);
  }
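Review bot: The byte count on the new `remain` line, `(range_end - range_start) * BLOCKSIZE`, is still held in a `size_t`, so on a build where `size_t` is 32 bits a range of 2^20 blocks or more would wrap. The loop would then read fewer bytes than the range describes, while `blk_count` is still credited with the full range, so part of the range would go unverified without any error. Keeping the counter 64-bit avoids this: `uint64_t remain = static_cast<uint64_t>(range_end - range_start) * BLOCKSIZE;` together with `size_t to_read = static_cast<size_t>(std::min<uint64_t>(remain, 1024 * BLOCKSIZE));`. Separately, `buf` is constructed and zero-filled on every iteration; declaring one `std::vector<uint8_t> buf(1024 * BLOCKSIZE);` before the `while` and reading `to_read` bytes into it would avoid the repeated allocation. The body of `read_blocks` starts and continues outside this hunk, so whether `range_end > range_start` is validated earlier cannot be confirmed from here.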