merge in nyc-release history after reset to master
diff --git a/applypatch/Android.mk b/applypatch/Android.mk
index 49f9989..bc2e69e 100644
--- a/applypatch/Android.mk
+++ b/applypatch/Android.mk
@@ -20,7 +20,7 @@
 LOCAL_SRC_FILES := applypatch.cpp bspatch.cpp freecache.cpp imgpatch.cpp utils.cpp
 LOCAL_MODULE := libapplypatch
 LOCAL_MODULE_TAGS := eng
-LOCAL_C_INCLUDES += external/bzip2 external/zlib bootable/recovery
+LOCAL_C_INCLUDES += bootable/recovery
 LOCAL_STATIC_LIBRARIES += libbase libotafault libmtdutils libmincrypt libbz libz
 
 include $(BUILD_STATIC_LIBRARY)
@@ -28,6 +28,30 @@
 include $(CLEAR_VARS)
 
 LOCAL_CLANG := true
+LOCAL_SRC_FILES := bspatch.cpp imgpatch.cpp utils.cpp
+LOCAL_MODULE := libimgpatch
+LOCAL_C_INCLUDES += bootable/recovery
+LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
+LOCAL_STATIC_LIBRARIES += libmincrypt libbz libz
+
+include $(BUILD_STATIC_LIBRARY)
+
+ifeq ($(HOST_OS),linux)
+include $(CLEAR_VARS)
+
+LOCAL_CLANG := true
+LOCAL_SRC_FILES := bspatch.cpp imgpatch.cpp utils.cpp
+LOCAL_MODULE := libimgpatch
+LOCAL_C_INCLUDES += bootable/recovery
+LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
+LOCAL_STATIC_LIBRARIES += libmincrypt libbz libz
+
+include $(BUILD_HOST_STATIC_LIBRARY)
+endif  # HOST_OS == linux
+
+include $(CLEAR_VARS)
+
+LOCAL_CLANG := true
 LOCAL_SRC_FILES := main.cpp
 LOCAL_MODULE := applypatch
 LOCAL_C_INCLUDES += bootable/recovery
diff --git a/applypatch/bspatch.cpp b/applypatch/bspatch.cpp
index 9d201b4..75975ad 100644
--- a/applypatch/bspatch.cpp
+++ b/applypatch/bspatch.cpp
@@ -22,6 +22,7 @@
 
 #include <stdio.h>
 #include <sys/stat.h>
+#include <sys/types.h>
 #include <errno.h>
 #include <malloc.h>
 #include <unistd.h>
diff --git a/applypatch/imgpatch.cpp b/applypatch/imgpatch.cpp
index 26888f8..3e72b2c 100644
--- a/applypatch/imgpatch.cpp
+++ b/applypatch/imgpatch.cpp
@@ -31,13 +31,22 @@
 #include "imgdiff.h"
 #include "utils.h"
 
+int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size,
+                    const unsigned char* patch_data, ssize_t patch_size,
+                    SinkFn sink, void* token) {
+  Value patch = {VAL_BLOB, patch_size,
+      reinterpret_cast<char*>(const_cast<unsigned char*>(patch_data))};
+  return ApplyImagePatch(
+      old_data, old_size, &patch, sink, token, nullptr, nullptr);
+}
+
 /*
  * Apply the patch given in 'patch_filename' to the source data given
  * by (old_data, old_size).  Write the patched output to the 'output'
  * file, and update the SHA context with the output data as well.
  * Return 0 on success.
  */
-int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size __unused,
+int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size,
                     const Value* patch,
                     SinkFn sink, void* token, SHA_CTX* ctx,
                     const Value* bonus_data) {
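Review bot: The new buffer-based `ApplyImagePatch` overload has no comment and forwards `old_size` and `patch_size` unchecked, although both are signed `ssize_t` and this is the signature the new exported header declares for other callers. A negative `old_size` becomes a very large value in the `static_cast<size_t>(old_size)` comparisons added further down this file, so an early `if (old_size < 0 || patch_size < 0) return -1;` at the top of the wrapper is worth adding. I would also put a short comment above it, such as `// Applies an in-memory image patch to old_data; no SHA context or bonus data is used.`. The body of the seven-argument overload continues outside this hunk.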
@@ -80,6 +89,10 @@
             size_t src_len = Read8(normal_header+8);
             size_t patch_offset = Read8(normal_header+16);
 
+            if (src_start + src_len > static_cast<size_t>(old_size)) {
+                printf("source data too short\n");
+                return -1;
+            }
             ApplyBSDiffPatch(old_data + src_start, src_len,
                              patch, patch_offset, sink, token, ctx);
         } else if (type == CHUNK_RAW) {
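Review bot: The added check `src_start + src_len > static_cast<size_t>(old_size)` can be defeated by wrap-around, because `src_len` (and presumably `src_start`, declared above the hunk) is a `size_t` filled from an 8-byte field of the patch, so a large pair of values sums to a small number and still reaches `ApplyBSDiffPatch(old_data + src_start, src_len, ...)`. Comparing without the addition avoids that: `if (old_size < 0 || src_start > static_cast<size_t>(old_size) || src_len > static_cast<size_t>(old_size) - src_start) {`. The same condition is added in the deflate-header hunk at -123,6 +136,11 and needs the same change. If `Read8` returns a 64-bit value, it is also truncated on assignment wherever `size_t` is narrower, so validating the full value before narrowing would be safer still.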
@@ -123,6 +136,11 @@
             int memLevel = Read4(deflate_header+52);
             int strategy = Read4(deflate_header+56);
 
+            if (src_start + src_len > static_cast<size_t>(old_size)) {
+                printf("source data too short\n");
+                return -1;
+            }
+
             // Decompress the source data; the chunk header tells us exactly
             // how big we expect it to be when decompressed.
 
diff --git a/applypatch/include/applypatch/imgpatch.h b/applypatch/include/applypatch/imgpatch.h
new file mode 100644
index 0000000..64d9aa9
--- /dev/null
+++ b/applypatch/include/applypatch/imgpatch.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _IMGPATCH_H
+#define _IMGPATCH_H
+
+typedef ssize_t (*SinkFn)(const unsigned char*, ssize_t, void*);
+
+int ApplyImagePatch(const unsigned char* old_data, ssize_t old_size,
+                    const unsigned char* patch_data, ssize_t patch_size,
+                    SinkFn sink, void* token);
+
+#endif  //_IMGPATCH_H
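Review bot: The new header uses `ssize_t` in `SinkFn` and `ApplyImagePatch` without including anything that defines it, so it only compiles when the includer happens to pull in `<sys/types.h>` first; add `#include <sys/types.h>` after the guard. The guard name `_IMGPATCH_H` starts with an underscore followed by a capital letter, which is reserved for the implementation; a name such as `APPLYPATCH_IMGPATCH_H` avoids that. The declaration also needs a comment stating that 0 means success and how `sink` is called with `token`, since this header is the only documentation an outside caller gets.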
diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp
index de7e481..098a7a9 100644
--- a/uncrypt/uncrypt.cpp
+++ b/uncrypt/uncrypt.cpp
@@ -42,6 +42,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
+#include <libgen.h>
 #include <linux/fs.h>
 #include <stdarg.h>
 #include <stdio.h>
@@ -52,9 +53,12 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#include <algorithm>
 #include <memory>
+#include <vector>
 
 #include <android-base/file.h>
+#include <android-base/stringprintf.h>
 #include <android-base/strings.h>
 #include <cutils/android_reboot.h>
 #include <cutils/properties.h>
@@ -78,44 +82,22 @@
         ALOGE("error seeking to offset %" PRId64 ": %s\n", offset, strerror(errno));
         return -1;
     }
-    size_t written = 0;
-    while (written < size) {
-        ssize_t wrote = TEMP_FAILURE_RETRY(write(wfd, buffer + written, size - written));
-        if (wrote == -1) {
-            ALOGE("error writing offset %" PRId64 ": %s\n",
-                  offset + static_cast<off64_t>(written), strerror(errno));
-            return -1;
-        }
-        written += wrote;
+    if (!android::base::WriteFully(wfd, buffer, size)) {
+        ALOGE("error writing offset %" PRId64 ": %s\n", offset, strerror(errno));
+        return -1;
     }
     return 0;
 }
 
-static void add_block_to_ranges(int** ranges, int* range_alloc, int* range_used, int new_block) {
-    // If the current block start is < 0, set the start to the new
-    // block.  (This only happens for the very first block of the very
-    // first range.)
-    if ((*ranges)[*range_used*2-2] < 0) {
-        (*ranges)[*range_used*2-2] = new_block;
-        (*ranges)[*range_used*2-1] = new_block;
-    }
-
-    if (new_block == (*ranges)[*range_used*2-1]) {
+static void add_block_to_ranges(std::vector<int>& ranges, int new_block) {
+    if (!ranges.empty() && new_block == ranges.back()) {
         // If the new block comes immediately after the current range,
         // all we have to do is extend the current range.
-        ++(*ranges)[*range_used*2-1];
+        ++ranges.back();
     } else {
         // We need to start a new range.
-
-        // If there isn't enough room in the array, we need to expand it.
-        if (*range_used >= *range_alloc) {
-            *range_alloc *= 2;
-            *ranges = reinterpret_cast<int*>(realloc(*ranges, *range_alloc * 2 * sizeof(int)));
-        }
-
-        ++*range_used;
-        (*ranges)[*range_used*2-2] = new_block;
-        (*ranges)[*range_used*2-1] = new_block+1;
+        ranges.push_back(new_block);
+        ranges.push_back(new_block + 1);
     }
 }
 
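Review bot: `add_block_to_ranges` now depends on a layout that nothing states: `ranges` is a flat list of [start, end) pairs and `ranges.back()` is the exclusive end of the newest range. A one-line comment above the function, `// ranges holds flattened [start, end) pairs; back() is the exclusive end of the newest range.`, would make the `new_block == ranges.back()` test readable. In `write_at_offset`, whose start is outside this hunk, the error now logs the starting offset rather than the position where the write failed, which is worth knowing when reading logs.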
@@ -183,12 +165,17 @@
 
 static int produce_block_map(const char* path, const char* map_file, const char* blk_dev,
                              bool encrypted, int status_fd) {
-    int mapfd = open(map_file, O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR);
-    if (mapfd == -1) {
-        ALOGE("failed to open %s\n", map_file);
+    std::string err;
+    if (!android::base::RemoveFileIfExists(map_file, &err)) {
+        ALOGE("failed to remove the existing map file %s: %s\n", map_file, err.c_str());
         return -1;
     }
-    std::unique_ptr<FILE, int(*)(FILE*)> mapf(fdopen(mapfd, "w"), fclose);
+    std::string tmp_map_file = std::string(map_file) + ".tmp";
+    unique_fd mapfd(open(tmp_map_file.c_str(), O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR));
+    if (!mapfd) {
+        ALOGE("failed to open %s: %s\n", tmp_map_file.c_str(), strerror(errno));
+        return -1;
+    }
 
     // Make sure we can write to the status_file.
     if (!android::base::WriteStringToFd("0\n", status_fd)) {
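Review bot: The temporary map file is opened with `O_WRONLY | O_CREAT` only, and only `map_file` is removed beforehand, so a `.tmp` file left by an earlier failed run is reused and any bytes beyond the new content survive into the renamed map. Adding `O_TRUNC` (or removing `tmp_map_file` first) closes that: `unique_fd mapfd(open(tmp_map_file.c_str(), O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR));`. Every later `return -1` in `produce_block_map`, which continues outside this hunk, leaves the partial `.tmp` file behind, so a stale file is an ordinary outcome rather than a corner case.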
@@ -207,37 +194,32 @@
     int blocks = ((sb.st_size-1) / sb.st_blksize) + 1;
     ALOGI("  file size: %" PRId64 " bytes, %d blocks\n", sb.st_size, blocks);
 
-    int range_alloc = 1;
-    int range_used = 1;
-    int* ranges = reinterpret_cast<int*>(malloc(range_alloc * 2 * sizeof(int)));
-    ranges[0] = -1;
-    ranges[1] = -1;
+    std::vector<int> ranges;
 
-    fprintf(mapf.get(), "%s\n%" PRId64 " %ld\n",
-            blk_dev, sb.st_size, static_cast<long>(sb.st_blksize));
+    std::string s = android::base::StringPrintf("%s\n%" PRId64 " %ld\n",
+                       blk_dev, sb.st_size, static_cast<long>(sb.st_blksize));
+    if (!android::base::WriteStringToFd(s, mapfd.get())) {
+        ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno));
+        return -1;
+    }
 
-    unsigned char* buffers[WINDOW_SIZE];
+    std::vector<std::vector<unsigned char>> buffers;
     if (encrypted) {
-        for (size_t i = 0; i < WINDOW_SIZE; ++i) {
-            buffers[i] = reinterpret_cast<unsigned char*>(malloc(sb.st_blksize));
-        }
+        buffers.resize(WINDOW_SIZE, std::vector<unsigned char>(sb.st_blksize));
     }
     int head_block = 0;
     int head = 0, tail = 0;
 
-    int fd = open(path, O_RDONLY);
-    unique_fd fd_holder(fd);
-    if (fd == -1) {
-        ALOGE("failed to open fd for reading: %s\n", strerror(errno));
+    unique_fd fd(open(path, O_RDONLY));
+    if (!fd) {
+        ALOGE("failed to open %s for reading: %s\n", path, strerror(errno));
         return -1;
     }
 
-    int wfd = -1;
-    unique_fd wfd_holder(wfd);
+    unique_fd wfd(-1);
     if (encrypted) {
         wfd = open(blk_dev, O_WRONLY);
-        wfd_holder = unique_fd(wfd);
-        if (wfd == -1) {
+        if (!wfd) {
             ALOGE("failed to open fd for writing: %s\n", strerror(errno));
             return -1;
         }
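Review bot: The failure message for `open(blk_dev, O_WRONLY)` still reads `failed to open fd for writing` without naming the device, while the read-side message in the same hunk was changed to include `path`. For consistency it could be `ALOGE("failed to open %s for writing: %s\n", blk_dev, strerror(errno));`. The surrounding function starts and ends outside this hunk.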
@@ -256,13 +238,13 @@
         if ((tail+1) % WINDOW_SIZE == head) {
             // write out head buffer
             int block = head_block;
-            if (ioctl(fd, FIBMAP, &block) != 0) {
+            if (ioctl(fd.get(), FIBMAP, &block) != 0) {
                 ALOGE("failed to find block %d\n", head_block);
                 return -1;
             }
-            add_block_to_ranges(&ranges, &range_alloc, &range_used, block);
+            add_block_to_ranges(ranges, block);
             if (encrypted) {
-                if (write_at_offset(buffers[head], sb.st_blksize, wfd,
+                if (write_at_offset(buffers[head].data(), sb.st_blksize, wfd.get(),
                         static_cast<off64_t>(sb.st_blksize) * block) != 0) {
                     return -1;
                 }
@@ -273,17 +255,13 @@
 
         // read next block to tail
         if (encrypted) {
-            size_t so_far = 0;
-            while (so_far < static_cast<size_t>(sb.st_blksize) && pos < sb.st_size) {
-                ssize_t this_read =
-                        TEMP_FAILURE_RETRY(read(fd, buffers[tail] + so_far, sb.st_blksize - so_far));
-                if (this_read == -1) {
-                    ALOGE("failed to read: %s\n", strerror(errno));
-                    return -1;
-                }
-                so_far += this_read;
-                pos += this_read;
+            size_t to_read = static_cast<size_t>(
+                    std::min(static_cast<off64_t>(sb.st_blksize), sb.st_size - pos));
+            if (!android::base::ReadFully(fd.get(), buffers[tail].data(), to_read)) {
+                ALOGE("failed to read: %s\n", strerror(errno));
+                return -1;
             }
+            pos += to_read;
         } else {
             // If we're not encrypting; we don't need to actually read
             // anything, just skip pos forward as if we'd read a
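Review bot: `ReadFully` also fails when the file ends before `to_read` bytes arrive, and as far as I know it does not set `errno` in that case, so `strerror(errno)` in the added `ALOGE` can print an unrelated or "Success" message. Logging the expected length makes a short read recognisable: `ALOGE("failed to read %zu bytes: %s\n", to_read, strerror(errno));`. Separately, `sb.st_size - pos` is only non-negative if the enclosing loop, which lies outside this hunk, guarantees `pos < sb.st_size`; that is worth confirming because the result is cast to `size_t`.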
@@ -296,13 +274,13 @@
     while (head != tail) {
         // write out head buffer
         int block = head_block;
-        if (ioctl(fd, FIBMAP, &block) != 0) {
+        if (ioctl(fd.get(), FIBMAP, &block) != 0) {
             ALOGE("failed to find block %d\n", head_block);
             return -1;
         }
-        add_block_to_ranges(&ranges, &range_alloc, &range_used, block);
+        add_block_to_ranges(ranges, block);
         if (encrypted) {
-            if (write_at_offset(buffers[head], sb.st_blksize, wfd,
+            if (write_at_offset(buffers[head].data(), sb.st_blksize, wfd.get(),
                     static_cast<off64_t>(sb.st_blksize) * block) != 0) {
                 return -1;
             }
@@ -311,22 +289,62 @@
         ++head_block;
     }
 
-    fprintf(mapf.get(), "%d\n", range_used);
-    for (int i = 0; i < range_used; ++i) {
-        fprintf(mapf.get(), "%d %d\n", ranges[i*2], ranges[i*2+1]);
-    }
-
-    if (fsync(mapfd) == -1) {
-        ALOGE("failed to fsync \"%s\": %s\n", map_file, strerror(errno));
+    if (!android::base::WriteStringToFd(
+            android::base::StringPrintf("%zu\n", ranges.size() / 2), mapfd.get())) {
+        ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno));
         return -1;
     }
-    if (encrypted) {
-        if (fsync(wfd) == -1) {
-            ALOGE("failed to fsync \"%s\": %s\n", blk_dev, strerror(errno));
+    for (size_t i = 0; i < ranges.size(); i += 2) {
+        if (!android::base::WriteStringToFd(
+                android::base::StringPrintf("%d %d\n", ranges[i], ranges[i+1]), mapfd.get())) {
+            ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno));
             return -1;
         }
     }
 
+    if (fsync(mapfd.get()) == -1) {
+        ALOGE("failed to fsync \"%s\": %s\n", tmp_map_file.c_str(), strerror(errno));
+        return -1;
+    }
+    if (close(mapfd.get() == -1)) {
+        ALOGE("failed to close %s: %s\n", tmp_map_file.c_str(), strerror(errno));
+        return -1;
+    }
+    mapfd = -1;
+
+    if (encrypted) {
+        if (fsync(wfd.get()) == -1) {
+            ALOGE("failed to fsync \"%s\": %s\n", blk_dev, strerror(errno));
+            return -1;
+        }
+        if (close(wfd.get()) == -1) {
+            ALOGE("failed to close %s: %s\n", blk_dev, strerror(errno));
+            return -1;
+        }
+        wfd = -1;
+    }
+
+    if (rename(tmp_map_file.c_str(), map_file) == -1) {
+        ALOGE("failed to rename %s to %s: %s\n", tmp_map_file.c_str(), map_file, strerror(errno));
+        return -1;
+    }
+    // Sync dir to make rename() result written to disk.
+    std::string file_name = map_file;
+    std::string dir_name = dirname(&file_name[0]);
+    unique_fd dfd(open(dir_name.c_str(), O_RDONLY | O_DIRECTORY));
+    if (!dfd) {
+        ALOGE("failed to open dir %s: %s\n", dir_name.c_str(), strerror(errno));
+        return -1;
+    }
+    if (fsync(dfd.get()) == -1) {
+        ALOGE("failed to fsync %s: %s\n", dir_name.c_str(), strerror(errno));
+        return -1;
+    }
+    if (close(dfd.get() == -1)) {
+        ALOGE("failed to close %s: %s\n", dir_name.c_str(), strerror(errno));
+        return -1;
+    }
+    dfd = -1;
     return 0;
 }
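Review bot: Two of the added close checks have the parenthesis in the wrong place: `close(mapfd.get() == -1)` and `close(dfd.get() == -1)` pass the result of the comparison to `close()`, so for a valid descriptor they call `close(0)` and close standard input while the intended descriptor stays open. They should read `if (close(mapfd.get()) == -1) {` and `if (close(dfd.get()) == -1) {`, matching the `wfd` check in the same hunk. Also, when an explicit `close()` fails the function returns before the `= -1` reset, so the `unique_fd` destructor presumably closes the same descriptor number again; resetting the holder before the error return would avoid that.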