commit d5151f3c608d7fe4c7af19d1f233004e092c903a
author android-build-team Robot <android-build-team-robot@google.com> Fri Apr 13 22:11:36 2018 +0000
committer android-build-team Robot <android-build-team-robot@google.com> Fri Apr 13 22:11:36 2018 +0000
tree 11d5e9d6bbaef903597d9399008459a678b834c7
parent f994033f998c0bd5f8815f151a648087e9b7a4f4
parent 8257766e842074adf0fb39ca0c9db12463fe59a2

Merge cherrypicks of [3898672, 3898782, 3898835, 3898616, 3898673, 3898682, 3898855, 3898856, 3897559, 3898859, 3898783, 3898784, 3898785, 3898786, 3898787, 3898043, 3898044, 3898045, 3898046, 3898047, 3897866, 3897936, 3898862, 3898726, 3898798, 3898762] into sparse-4669640-L20900000163300080

Change-Id: I6599e91a2afb0b357e64268dea83381d056af9e0

libutils/String16.cpp

diff --git a/libutils/String16.cpp b/libutils/String16.cpp
index ad335c3..e8f1c51 100644
--- a/libutils/String16.cpp
+++ b/libutils/String16.cpp
@@ -79,6 +79,23 @@
     return getEmptyString();
 }
 
+static char16_t* allocFromUTF16(const char16_t* u16str, size_t u16len) {
+    if (u16len >= SIZE_MAX / sizeof(char16_t)) {
+        android_errorWriteLog(0x534e4554, "73826242");
+        abort();
+    }
+
+    SharedBuffer* buf = SharedBuffer::alloc((u16len + 1) * sizeof(char16_t));
+    ALOG_ASSERT(buf, "Unable to allocate shared buffer");
+    if (buf) {
+        char16_t* str = (char16_t*)buf->data();
+        memcpy(str, u16str, u16len * sizeof(char16_t));
+        str[u16len] = 0;
+        return str;
+    }
+    return getEmptyString();
+}
+
 // ---------------------------------------------------------------------------
 
 String16::String16()
@@ -111,35 +128,9 @@
     setTo(o, len, begin);
 }
 
-String16::String16(const char16_t* o)
-{
-    size_t len = strlen16(o);
-    SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t));
-    ALOG_ASSERT(buf, "Unable to allocate shared buffer");
-    if (buf) {
-        char16_t* str = (char16_t*)buf->data();
-        strcpy16(str, o);
-        mString = str;
-        return;
-    }
+String16::String16(const char16_t* o) : mString(allocFromUTF16(o, strlen16(o))) {}
 
-    mString = getEmptyString();
-}
-
-String16::String16(const char16_t* o, size_t len)
-{
-    SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t));
-    ALOG_ASSERT(buf, "Unable to allocate shared buffer");
-    if (buf) {
-        char16_t* str = (char16_t*)buf->data();
-        memcpy(str, o, len*sizeof(char16_t));
-        str[len] = 0;
-        mString = str;
-        return;
-    }
-
-    mString = getEmptyString();
-}
+String16::String16(const char16_t* o, size_t len) : mString(allocFromUTF16(o, len)) {}
 
 String16::String16(const String8& o)
     : mString(allocFromUTF8(o.string(), o.size()))
@@ -201,6 +192,11 @@
 
 status_t String16::setTo(const char16_t* other, size_t len)
 {
+    if (len >= SIZE_MAX / sizeof(char16_t)) {
+        android_errorWriteLog(0x534e4554, "73826242");
+        abort();
+    }
+
     SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
         ->editResize((len+1)*sizeof(char16_t));
     if (buf) {
@@ -224,6 +220,11 @@
         return NO_ERROR;
     }
 
+    if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {
+        android_errorWriteLog(0x534e4554, "73826242");
+        abort();
+    }
+
     SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
         ->editResize((myLen+otherLen+1)*sizeof(char16_t));
     if (buf) {
@@ -245,6 +246,11 @@
         return NO_ERROR;
     }
 
+    if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {
+        android_errorWriteLog(0x534e4554, "73826242");
+        abort();
+    }
+
     SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
         ->editResize((myLen+otherLen+1)*sizeof(char16_t));
     if (buf) {