am 3ca99f6c: Merge "fix vulnerability in bspatch" * commit '3ca99f6cb8ffbe19c7ef5409f3dac18ea0c254bd': fix vulnerability in bspatch

commit: d4592694b41d5f8309d98cd3312b5486216cc685 [log] [tgz]
author: Doug Zongker <dougz@google.com> Fri May 16 15:03:24 2014 +0000
committer: Android Git Automerger <android-git-automerger@android.com> Fri May 16 15:03:24 2014 +0000
tree: 65f33edad5871413e4c6aba9dd129de96cf9ae77
parent: d2fb4ed58997afd18bd2b5274bf1835644d454fb [diff]
parent: 3ca99f6cb8ffbe19c7ef5409f3dac18ea0c254bd [diff]
diff --git a/applypatch/bspatch.c b/applypatch/bspatch.c
index 2e80f81..1dc7ab1 100644
--- a/applypatch/bspatch.c
+++ b/applypatch/bspatch.c

@@ -205,6 +205,11 @@
         ctrl[1] = offtin(buf+8);
         ctrl[2] = offtin(buf+16);
 
+        if (ctrl[0] < 0 || ctrl[1] < 0) {
+            printf("corrupt patch (negative byte counts)\n");
+            return 1;
+        }
+
         // Sanity check
         if (newpos + ctrl[0] > *new_size) {
             printf("corrupt patch (new file overrun)\n");
commit	d4592694b41d5f8309d98cd3312b5486216cc685	[log] [tgz]
author	Doug Zongker <dougz@google.com>	Fri May 16 15:03:24 2014 +0000
committer	Android Git Automerger <android-git-automerger@android.com>	Fri May 16 15:03:24 2014 +0000
tree	65f33edad5871413e4c6aba9dd129de96cf9ae77
parent	d2fb4ed58997afd18bd2b5274bf1835644d454fb [diff]
parent	3ca99f6cb8ffbe19c7ef5409f3dac18ea0c254bd [diff]