Check for overflow before allocating memory fore decompression.
On 32bit devices, an ZipEntry64 may have size > 2^32, we should check
for such cases before attempting to allocate memory.
Test: mm -j
Change-Id: I0f916ef4b2a692f167719a74bd6ff2e887c6c2ce
diff --git a/updater/install.cpp b/updater/install.cpp
index cfa4d9d..2959650 100644
--- a/updater/install.cpp
+++ b/updater/install.cpp
@@ -35,6 +35,7 @@
#include <unistd.h>
#include <utime.h>
+#include <limits>
#include <memory>
#include <string>
#include <vector>
@@ -172,6 +173,11 @@
}
std::string buffer;
+ if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) {
+ return ErrorAbort(state, kPackageExtractFileFailure,
+ "%s(): Entry `%s` Uncompressed size exceeds size of address space.", name,
+ zip_path.c_str());
+ }
buffer.resize(entry.uncompressed_length);
int32_t ret =