Check for overflow before allocating memory fore decompression. On 32bit devices, an ZipEntry64 may have size > 2^32, we should check for such cases before attempting to allocate memory. Test: mm -j Change-Id: I0f916ef4b2a692f167719a74bd6ff2e887c6c2ce

commit: d1ba38f7c96e74901779089fea6d09b0c7c2521d [log] [tgz]
author: Kelvin Zhang <zhangkelvin@google.com> Thu Sep 17 11:32:29 2020 -0400
committer: Kelvin Zhang <zhangkelvin@google.com> Fri Sep 18 17:41:51 2020 -0400
tree: f892e9ca467b4f751345a2a3200caf8903a217c9
parent: a35202befd6460a30330d57e7e69564bc6fb29f9 [diff] [blame]
diff --git a/install/wipe_device.cpp b/install/wipe_device.cpp
index 0f896c4..915c87b 100644
--- a/install/wipe_device.cpp
+++ b/install/wipe_device.cpp

@@ -51,7 +51,12 @@
   std::string partition_list_content;
   ZipEntry64 entry;
   if (FindEntry(zip, RECOVERY_WIPE_ENTRY_NAME, &entry) == 0) {
-    uint32_t length = entry.uncompressed_length;
+    auto length = entry.uncompressed_length;
+    if (length > std::numeric_limits<size_t>::max()) {
+      LOG(ERROR) << "Failed to extract " << RECOVERY_WIPE_ENTRY_NAME
+                 << " because's uncompressed size exceeds size of address space. " << length;
+      return {};
+    }
     partition_list_content = std::string(length, '\0');
     if (auto err = ExtractToMemory(
             zip, &entry, reinterpret_cast<uint8_t*>(partition_list_content.data()), length);
commit	d1ba38f7c96e74901779089fea6d09b0c7c2521d	[log] [tgz]
author	Kelvin Zhang <zhangkelvin@google.com>	Thu Sep 17 11:32:29 2020 -0400
committer	Kelvin Zhang <zhangkelvin@google.com>	Fri Sep 18 17:41:51 2020 -0400
tree	f892e9ca467b4f751345a2a3200caf8903a217c9
parent	a35202befd6460a30330d57e7e69564bc6fb29f9 [diff] [blame]