openkylin
/
platform_system_core
mirror of https://gitee.com/openkylin/platform_system_core.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

adbd: Fix check against valid payload size 

block->payload and its size are not valid when it is used to check
against bytes_left due to std::move() performed on its just prior
to the check. Hence check will always fail to detect the case where
received data is more than expected. To detect this condition and
allow error handling with std::move(), remove extra payload variable
and directly use block->payload.

Bug: http://b/168917244
Change-Id: I992bbba9d9a9861a195834f69d62e69b90658210
This commit is contained in:
Mayank Rana 2020-09-11 11:40:00 -07:00 committed by Josh Gao
parent fd19ef40e8
commit 71a33cfa67
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
adb/daemon/usb.cpp
View File

@ -584,12 +584,11 @@ struct UsbFfsConnection : public Connection {
incoming_header_ = msg;
} else {
size_t bytes_left = incoming_header_->data_length - incoming_payload_.size();
Block payload = std::move(block->payload);
if (block->payload.size() > bytes_left) {
HandleError("received too many bytes while waiting for payload");
return false;
}
incoming_payload_.append(std::move(payload));
incoming_payload_.append(std::move(block->payload));
}
if (incoming_header_->data_length == incoming_payload_.size()) {