Fix integer overflows in recovery procedure.
Bug: 26960931
Change-Id: Ieae45caccfb4728fcf514f0d920976585d8e6caf
diff --git a/updater/updater.cpp b/updater/updater.cpp
index 0f22e6d..80e7503 100644
--- a/updater/updater.cpp
+++ b/updater/updater.cpp
@@ -19,6 +19,8 @@
#include <stdlib.h>
#include <string.h>
+#include <string>
+
#include "edify/expr.h"
#include "updater.h"
#include "install.h"
@@ -89,12 +91,11 @@
return 4;
}
- char* script = reinterpret_cast<char*>(malloc(script_entry->uncompLen+1));
- if (!mzReadZipEntry(&za, script_entry, script, script_entry->uncompLen)) {
+ std::string script(script_entry->uncompLen, '\0');
+ if (!mzReadZipEntry(&za, script_entry, &script[0], script_entry->uncompLen)) {
printf("failed to read script from package\n");
return 5;
}
- script[script_entry->uncompLen] = '\0';
// Configure edify's functions.
@@ -108,7 +109,7 @@
Expr* root;
int error_count = 0;
- int error = parse_string(script, &root, &error_count);
+ int error = parse_string(script.c_str(), &root, &error_count);
if (error != 0 || error_count > 0) {
printf("%d parse errors\n", error_count);
return 6;
@@ -135,7 +136,7 @@
State state;
state.cookie = &updater_info;
- state.script = script;
+ state.script = &script[0];
state.errmsg = NULL;
char* result = Evaluate(&state, root);
@@ -163,7 +164,5 @@
mzCloseZipArchive(updater_info.package_zip);
}
sysReleaseMap(&map);
- free(script);
-
return 0;
}