3party/crashpad
0
0
Fork 0
mirror of https://github.com/chromium/crashpad.git synced 2024-12-27 15:32:10 +08:00
Code Issues Projects Releases Wiki Activity

ios: Fix incorrect type in IOSIntermediateDumpReader::Parse.

Browse Source 
size_t is written to intermediate dump properties, but the parser was
reading off_t.  off_t can go negative, which is a bad thing to pass
to a std::vector constructor.

Bug: crashpad:31
Change-Id: I52ebda0b29ece50d6d1cbc9064a70b2e221a4df1
Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/3261749
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
This commit is contained in:
Justin Cohen 2021-11-04 15:32:12 -04:00 committed by Crashpad LUCI CQ
parent 197d037cfd
commit 717b3c9e7b
2 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
util/ios/ios_intermediate_dump_reader.cc
View File

@ -142,7 +142,7 @@ bool IOSIntermediateDumpReader::Parse(FileReaderInterface* reader,
if (key == IntermediateDumpKey::kInvalid)
return false;
off_t value_length;
size_t value_length;
if (!reader->ReadExactly(&value_length, sizeof(value_length))) {
return false;
}

26
util/ios/ios_intermediate_dump_reader_test.cc
View File

@ -96,6 +96,32 @@ TEST_F(IOSIntermediateDumpReaderTest, ReadHelloWorld) {
EXPECT_TRUE(root_map->empty());
}
TEST_F(IOSIntermediateDumpReaderTest, FuzzTestCases) {
constexpr uint8_t fuzz1[] = {0x6,
0x5,
0x0,
0xff,
0xff,
0xfd,
0x1,
0xff,
0xff,
0xff,
0xff,
0xff,
0xfd,
0x1,
0x7,
0x16};
EXPECT_TRUE(LoggingWriteFile(fd(), &fuzz1, sizeof(fuzz1)));
internal::IOSIntermediateDumpReader reader;
EXPECT_TRUE(reader.Initialize(path()));
EXPECT_FALSE(IsRegularFile(path()));
const auto root_map = reader.RootMap();
EXPECT_TRUE(root_map->empty());
}
TEST_F(IOSIntermediateDumpReaderTest, WriteBadPropertyDataLength) {
internal::IOSIntermediateDumpReader reader;
IOSIntermediateDumpWriter::CommandType command_type =