
Commit a029c9a4 authored by Yabin Cui's avatar Yabin Cui

Fix integer overflows in recovery procedure.

Bug: 26960931
Change-Id: Ieae45caccfb4728fcf514f0d920976585d8e6caf
parent 4b327342
+27 −5
@@ -8,6 +8,7 @@
#include <fcntl.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -39,6 +40,11 @@ static bool sysMapFD(int fd, MemMapping* pMap) {
    pMap->length = sb.st_size;
    pMap->range_count = 1;
    pMap->ranges = malloc(sizeof(MappedRange));
    if (pMap->ranges == NULL) {
        LOGE("malloc failed: %s\n", strerror(errno));
        munmap(memPtr, sb.st_size);
        return false;
    }
    pMap->ranges[0].addr = memPtr;
    pMap->ranges[0].length = sb.st_size;

@@ -50,7 +56,7 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap)
    char block_dev[PATH_MAX+1];
    size_t size;
    unsigned int blksize;
    unsigned int blocks;
    size_t blocks;
    unsigned int range_count;
    unsigned int i;

@@ -69,18 +75,28 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap)
        LOGE("failed to parse block map header\n");
        return -1;
    }

    if (blksize != 0) {
        blocks = ((size-1) / blksize) + 1;
    }
    if (size == 0 || blksize == 0 || blocks > SIZE_MAX / blksize) {
        LOGE("invalid data in block map file: size %zu, blksize %u, range_count %u\n",
             size, blksize, range_count);
        return -1;
    }

    pMap->range_count = range_count;
    pMap->ranges = malloc(range_count * sizeof(MappedRange));
    memset(pMap->ranges, 0, range_count * sizeof(MappedRange));
    pMap->ranges = calloc(range_count, sizeof(MappedRange));
    if (pMap->ranges == NULL) {
        LOGE("calloc(%u, %zu) failed: %s\n", range_count, sizeof(MappedRange), strerror(errno));
        return -1;
    }

    // Reserve enough contiguous address space for the whole file.
    unsigned char* reserve;
    reserve = mmap64(NULL, blocks * blksize, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (reserve == MAP_FAILED) {
        LOGE("failed to reserve address space: %s\n", strerror(errno));
        free(pMap->ranges);
        return -1;
    }

@@ -90,6 +106,8 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap)
    int fd = open(block_dev, O_RDONLY);
    if (fd < 0) {
        LOGE("failed to open block device %s: %s\n", block_dev, strerror(errno));
        munmap(reserve, blocks * blksize);
        free(pMap->ranges);
        return -1;
    }

@@ -98,12 +116,16 @@ static int sysMapBlockFile(FILE* mapf, MemMapping* pMap)
        int start, end;
        if (fscanf(mapf, "%d %d\n", &start, &end) != 2) {
            LOGE("failed to parse range %d in block map\n", i);
            munmap(reserve, blocks * blksize);
            free(pMap->ranges);
            return -1;
        }

        void* addr = mmap64(next, (end-start)*blksize, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, ((off64_t)start)*blksize);
        if (addr == MAP_FAILED) {
            LOGE("failed to map block %d: %s\n", i, strerror(errno));
            munmap(reserve, blocks * blksize);
            free(pMap->ranges);
            return -1;
        }
        pMap->ranges[i].addr = addr;
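Review bot: The per-range length `(end-start)*blksize` passed to mmap64 in the last hunk is still unchecked: `start` and `end` come straight from fscanf as `int`, so a negative or reversed pair is accepted, and the multiplication is performed in `unsigned int` (the int operand converts to blksize's type) so it can wrap before being widened to the size_t the syscall receives, even though `blocks * blksize` itself is now guarded. Because the mapping is MAP_FIXED at `next`, a range longer than what is left of the reservation would be placed over whatever follows `reserve` rather than fail. A guard before the call such as `if (start < 0 || end <= start || (size_t)(end - start) > blocks)` followed by the same LOGE/munmap/free/return cleanup as the parse-failure branch above it closes the obvious cases; a tighter version keeps a running byte count of the reservation (initialised to `blocks * blksize`, decremented per range) and rejects a range that exceeds it, which needs a variable declared outside this hunk. sysMapBlockFile begins and continues outside the shown hunks, so how `next` is advanced is not visible here.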
+6 −7
@@ -19,6 +19,8 @@
#include <stdlib.h>
#include <string.h>

#include <string>

#include "edify/expr.h"
#include "updater.h"
#include "install.h"
@@ -89,12 +91,11 @@ int main(int argc, char** argv) {
        return 4;
    }

    char* script = reinterpret_cast<char*>(malloc(script_entry->uncompLen+1));
    if (!mzReadZipEntry(&za, script_entry, script, script_entry->uncompLen)) {
    std::string script(script_entry->uncompLen, '\0');
    if (!mzReadZipEntry(&za, script_entry, &script[0], script_entry->uncompLen)) {
        printf("failed to read script from package\n");
        return 5;
    }
    script[script_entry->uncompLen] = '\0';

    // Configure edify's functions.

@@ -108,7 +109,7 @@ int main(int argc, char** argv) {

    Expr* root;
    int error_count = 0;
    int error = parse_string(script, &root, &error_count);
    int error = parse_string(script.c_str(), &root, &error_count);
    if (error != 0 || error_count > 0) {
        printf("%d parse errors\n", error_count);
        return 6;
@@ -135,7 +136,7 @@ int main(int argc, char** argv) {

    State state;
    state.cookie = &updater_info;
    state.script = script;
    state.script = &script[0];
    state.errmsg = NULL;

    char* result = Evaluate(&state, root);
@@ -163,7 +164,5 @@ int main(int argc, char** argv) {
        mzCloseZipArchive(updater_info.package_zip);
    }
    sysReleaseMap(&map);
    free(script);

    return 0;
}
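Review bot: `state.script = &script[0];` in the third hunk hands out a mutable pointer into the string while the parse in the second hunk uses `script.c_str()`; if `State::script` is declared `const char*` the assignment should be `script.c_str()` as well, and if it is `char*` because the evaluator writes into the buffer, a one-line comment such as `// State::script is char*; Evaluate works on the buffer in place` would stop the next reader from "fixing" it. Dropping the explicit `script[script_entry->uncompLen] = '\0'` is correct, since std::string keeps a terminator after size() bytes, but it deserves a short comment at the construction line because the old code relied on that write. Unlike the malloc path, an absurd `uncompLen` now surfaces as an uncaught `std::length_error`/`std::bad_alloc` from the std::string constructor, which terminates the updater instead of proceeding with a NULL buffer; that is presumably the intended hard failure, but it is worth stating in a comment. main starts and continues outside the shown hunks.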