diff options
author | Tao Bao | 2018-04-24 12:54:21 -0500 |
---|---|---|
committer | Tao Bao | 2018-04-24 20:10:42 -0500 |
commit | 41cf35f8b2795276280572cf4d06c58954d45ca4 (patch) | |
tree | 0eb3a9bc91e7fae881af8c662832f53ac95df472 | |
parent | a3721db3338c051c7f31fc6e70ca08c740e28761 (diff) | |
download | platform-system-core-41cf35f8b2795276280572cf4d06c58954d45ca4.tar.gz platform-system-core-41cf35f8b2795276280572cf4d06c58954d45ca4.tar.xz platform-system-core-41cf35f8b2795276280572cf4d06c58954d45ca4.zip |
fastboot: sparse_file_len() returns int64_t.
Check that the value fits in uint32_t that's supported by the current
protocol.
Also fix and sanity check the max_size before passing it to
sparse_file_resparse(), which accepts `unsigned int`. This shouldn't
happen in practice because of RESPARSE_LIMIT (1 GiB).
Test: `fastboot flash` with small and large images.
Change-Id: I0a8279fc14c54c40a70ddce65c3b25173c0d0a40
-rw-r--r-- | fastboot/fastboot.cpp | 6 | ||||
-rw-r--r-- | fastboot/protocol.cpp | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp index 780ff50db..51b3f0c06 100644 --- a/fastboot/fastboot.cpp +++ b/fastboot/fastboot.cpp | |||
@@ -693,10 +693,14 @@ static void queue_info_dump() { | |||
693 | fb_queue_notice("--------------------------------------------"); | 693 | fb_queue_notice("--------------------------------------------"); |
694 | } | 694 | } |
695 | 695 | ||
696 | static struct sparse_file** load_sparse_files(int fd, int max_size) { | 696 | static struct sparse_file** load_sparse_files(int fd, int64_t max_size) { |
697 | struct sparse_file* s = sparse_file_import_auto(fd, false, true); | 697 | struct sparse_file* s = sparse_file_import_auto(fd, false, true); |
698 | if (!s) die("cannot sparse read file"); | 698 | if (!s) die("cannot sparse read file"); |
699 | 699 | ||
700 | if (max_size <= 0 || max_size > std::numeric_limits<uint32_t>::max()) { | ||
701 | die("invalid max size %" PRId64, max_size); | ||
702 | } | ||
703 | |||
700 | int files = sparse_file_resparse(s, max_size, nullptr, 0); | 704 | int files = sparse_file_resparse(s, max_size, nullptr, 0); |
701 | if (files < 0) die("Failed to resparse"); | 705 | if (files < 0) die("Failed to resparse"); |
702 | 706 | ||
diff --git a/fastboot/protocol.cpp b/fastboot/protocol.cpp index a08956749..7a333ee06 100644 --- a/fastboot/protocol.cpp +++ b/fastboot/protocol.cpp | |||
@@ -344,12 +344,12 @@ static int fb_download_data_sparse_flush(Transport* transport) { | |||
344 | } | 344 | } |
345 | 345 | ||
346 | int fb_download_data_sparse(Transport* transport, struct sparse_file* s) { | 346 | int fb_download_data_sparse(Transport* transport, struct sparse_file* s) { |
347 | int size = sparse_file_len(s, true, false); | 347 | int64_t size = sparse_file_len(s, true, false); |
348 | if (size <= 0) { | 348 | if (size <= 0 || size > std::numeric_limits<uint32_t>::max()) { |
349 | return -1; | 349 | return -1; |
350 | } | 350 | } |
351 | 351 | ||
352 | std::string cmd(android::base::StringPrintf("download:%08x", size)); | 352 | std::string cmd(android::base::StringPrintf("download:%08" PRIx64, size)); |
353 | int r = _command_start(transport, cmd, size, 0); | 353 | int r = _command_start(transport, cmd, size, 0); |
354 | if (r < 0) { | 354 | if (r < 0) { |
355 | return -1; | 355 | return -1; |