summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTao Bao2018-04-24 12:54:21 -0500
committerTao Bao2018-04-24 20:10:42 -0500
commit41cf35f8b2795276280572cf4d06c58954d45ca4 (patch)
tree0eb3a9bc91e7fae881af8c662832f53ac95df472
parenta3721db3338c051c7f31fc6e70ca08c740e28761 (diff)
downloadplatform-system-core-41cf35f8b2795276280572cf4d06c58954d45ca4.tar.gz
platform-system-core-41cf35f8b2795276280572cf4d06c58954d45ca4.tar.xz
platform-system-core-41cf35f8b2795276280572cf4d06c58954d45ca4.zip
fastboot: sparse_file_len() returns int64_t.
Check that the value fits in uint32_t that's supported by the current protocol. Also fix and sanity check the max_size before passing it to sparse_file_resparse(), which accepts `unsigned int`. This shouldn't happen in practice because of RESPARSE_LIMIT (1 GiB). Test: `fastboot flash` with small and large images. Change-Id: I0a8279fc14c54c40a70ddce65c3b25173c0d0a40
-rw-r--r--fastboot/fastboot.cpp6
-rw-r--r--fastboot/protocol.cpp6
2 files changed, 8 insertions, 4 deletions
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index 780ff50db..51b3f0c06 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -693,10 +693,14 @@ static void queue_info_dump() {
693 fb_queue_notice("--------------------------------------------"); 693 fb_queue_notice("--------------------------------------------");
694} 694}
695 695
696static struct sparse_file** load_sparse_files(int fd, int max_size) { 696static struct sparse_file** load_sparse_files(int fd, int64_t max_size) {
697 struct sparse_file* s = sparse_file_import_auto(fd, false, true); 697 struct sparse_file* s = sparse_file_import_auto(fd, false, true);
698 if (!s) die("cannot sparse read file"); 698 if (!s) die("cannot sparse read file");
699 699
700 if (max_size <= 0 || max_size > std::numeric_limits<uint32_t>::max()) {
701 die("invalid max size %" PRId64, max_size);
702 }
703
700 int files = sparse_file_resparse(s, max_size, nullptr, 0); 704 int files = sparse_file_resparse(s, max_size, nullptr, 0);
701 if (files < 0) die("Failed to resparse"); 705 if (files < 0) die("Failed to resparse");
702 706
diff --git a/fastboot/protocol.cpp b/fastboot/protocol.cpp
index a08956749..7a333ee06 100644
--- a/fastboot/protocol.cpp
+++ b/fastboot/protocol.cpp
@@ -344,12 +344,12 @@ static int fb_download_data_sparse_flush(Transport* transport) {
344} 344}
345 345
346int fb_download_data_sparse(Transport* transport, struct sparse_file* s) { 346int fb_download_data_sparse(Transport* transport, struct sparse_file* s) {
347 int size = sparse_file_len(s, true, false); 347 int64_t size = sparse_file_len(s, true, false);
348 if (size <= 0) { 348 if (size <= 0 || size > std::numeric_limits<uint32_t>::max()) {
349 return -1; 349 return -1;
350 } 350 }
351 351
352 std::string cmd(android::base::StringPrintf("download:%08x", size)); 352 std::string cmd(android::base::StringPrintf("download:%08" PRIx64, size));
353 int r = _command_start(transport, cmd, size, 0); 353 int r = _command_start(transport, cmd, size, 0);
354 if (r < 0) { 354 if (r < 0) {
355 return -1; 355 return -1;