diff options
| author | Andreas Gampe <agampe@google.com> | 2014-09-02 11:17:34 -0700 |
|---|---|---|
| committer | Andreas Gampe <agampe@google.com> | 2014-09-02 16:56:09 -0700 |
| commit | d4ae41fd7a4ed711277c61c0d7fd2a3759458728 (patch) | |
| tree | 98d7816eaef9be812dd0169d654ef38532936b2c /runtime/dex_file_verifier.h | |
| parent | 6e3604287f73fbc58d8297c0bca6bfe808524a2b (diff) | |
| download | android_art-d4ae41fd7a4ed711277c61c0d7fd2a3759458728.tar.gz android_art-d4ae41fd7a4ed711277c61c0d7fd2a3759458728.tar.bz2 android_art-d4ae41fd7a4ed711277c61c0d7fd2a3759458728.zip | |
ART: Tighten verifier list reading and offsets
Check offsets and sizes for header entries of a dex file.
Bug: 17347459
(cherry picked from commit 78d639ef4be3ad7314846e1e6c1261d7d30f83fa)
Change-Id: Ia1727c33dea51f7a8e345f3799f1ba414708239c
Diffstat (limited to 'runtime/dex_file_verifier.h')
| -rw-r--r-- | runtime/dex_file_verifier.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/runtime/dex_file_verifier.h b/runtime/dex_file_verifier.h index 1d915b93fd..606da54225 100644 --- a/runtime/dex_file_verifier.h +++ b/runtime/dex_file_verifier.h @@ -43,6 +43,12 @@ class DexFileVerifier { bool CheckShortyDescriptorMatch(char shorty_char, const char* descriptor, bool is_return_type); bool CheckListSize(const void* start, size_t count, size_t element_size, const char* label); + // Check a list. The head is assumed to be at *ptr, and elements to be of size element_size. If + // successful, the ptr will be moved forward the amount covered by the list. + bool CheckList(size_t element_size, const char* label, const byte* *ptr); + // Checks whether the offset is zero (when size is zero) or that the offset falls within the area + // claimed by the file. + bool CheckValidOffsetAndSize(uint32_t offset, uint32_t size, const char* label); bool CheckIndex(uint32_t field, uint32_t limit, const char* label); bool CheckHeader(); |