From d1ba38f7c96e74901779089fea6d09b0c7c2521d Mon Sep 17 00:00:00 2001
From: Kelvin Zhang <zhangkelvin@google.com>
Date: Thu, 17 Sep 2020 11:32:29 -0400
Subject: Check for overflow before allocating memory fore decompression.

On 32bit devices, an ZipEntry64 may have size > 2^32, we should check
for such cases before attempting to allocate memory.

Test: mm -j
Change-Id: I0f916ef4b2a692f167719a74bd6ff2e887c6c2ce
---
 updater/target_files.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'updater/target_files.cpp')

diff --git a/updater/target_files.cpp b/updater/target_files.cpp
index 951923293..207146f52 100644
--- a/updater/target_files.cpp
+++ b/updater/target_files.cpp
@@ -137,6 +137,13 @@ bool TargetFile::ReadEntryToString(const std::string_view name, std::string* con
     return true;
   }
 
+  if (entry.uncompressed_length > std::numeric_limits<size_t>::max()) {
+    LOG(ERROR) << "Failed to extract " << name
+               << " because's uncompressed size exceeds size of address space. "
+               << entry.uncompressed_length;
+    return false;
+  }
+
   content->resize(entry.uncompressed_length);
   if (auto extract_err = ExtractToMemory(
           handle_, &entry, reinterpret_cast<uint8_t*>(&content->at(0)), entry.uncompressed_length);
-- 
cgit v1.2.3