drgreen/android_device_google_gs-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bootctrl: fixed OOB read in BootControl

Browse Source 
Fixed OOB read in BootControl::isSlotMarkedSuccessful() by checking
if "in_slot" is negative

Flag: EXEMPT bugfix
Test: tested on Husky device
Bug: 353516777
Signed-off-by: bgkim <bgkim@google.com>
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b584b9c7e081d803b32f0ff5f059573dfa6c0a0e)
Merged-In: I634c32a8c12403008fe5a724bc447f82931ae9c5
Change-Id: I634c32a8c12403008fe5a724bc447f82931ae9c5
This commit is contained in:
bgkim 2024-08-28 12:38:34 -07:00 committed by Android Build Coastguard Worker
parent ba09b1a269
commit d93d355fb6
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bootctrl/aidl/BootControl.cpp
View File

@ -384,7 +384,7 @@ ScopedAStatus BootControl::isSlotMarkedSuccessful(int32_t in_slot, bool* _aidl_r
*_aidl_return = true;
return ScopedAStatus::ok();
}
if (in_slot >= slots)
if (in_slot < 0 || in_slot >= slots)
return ScopedAStatus::fromServiceSpecificErrorWithMessage(
INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());