Check for overflow before allocating memory for decompression.
On 32-bit devices, a ZipEntry64 may have a size > 2^32; we should check
for such cases before attempting to allocate memory.
Test: mm -j
Change-Id: I0f916ef4b2a692f167719a74bd6ff2e887c6c2ce
diff --git a/install/wipe_device.cpp b/install/wipe_device.cpp
index 0f896c4..915c87b 100644
--- a/install/wipe_device.cpp
+++ b/install/wipe_device.cpp
@@ -51,7 +51,12 @@
std::string partition_list_content;
ZipEntry64 entry;
if (FindEntry(zip, RECOVERY_WIPE_ENTRY_NAME, &entry) == 0) {
- uint32_t length = entry.uncompressed_length;
+ auto length = entry.uncompressed_length;
+ if (length > std::numeric_limits<size_t>::max()) {
+ LOG(ERROR) << "Failed to extract " << RECOVERY_WIPE_ENTRY_NAME
+ << " because's uncompressed size exceeds size of address space. " << length;
+ return {};
+ }
partition_list_content = std::string(length, '\0');
if (auto err = ExtractToMemory(
zip, &entry, reinterpret_cast<uint8_t*>(partition_list_content.data()), length);
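Review bot: The added guard `if (length > std::numeric_limits<size_t>::max())` only rejects sizes that cannot be represented in `size_t`, so any declared `uncompressed_length` up to that limit still reaches `std::string(length, '\0')`. Where `size_t` is as wide as the entry's length field the comparison can never be true. The length is taken from the zip entry's metadata, and the wipe list is presumably a short text file, so an explicit cap would keep a malformed package from forcing a huge allocation or an abort in recovery: `constexpr uint64_t kMaxWipeListSize = /* project-chosen limit */;` with `if (length > kMaxWipeListSize) {`. The hunk does not show whether `<limits>` is included in this file. The enclosing function starts and ends outside the hunk.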