libavb_aftl: convert avb_assert to regular checks

avb_assert will trigger an abort at runtime. Gracefully handle the
associated errors so the control flow can continue for non-fatal errors.

Test: atest --host libavb_host_unittest
Change-Id: I2e985507be8ceb921d418c7f56262610117a441d
diff --git a/libavb_aftl/avb_aftl_util.c b/libavb_aftl/avb_aftl_util.c
index d537f42..f780e82 100644
--- a/libavb_aftl/avb_aftl_util.c
+++ b/libavb_aftl/avb_aftl_util.c
@@ -361,8 +361,10 @@
                                                size_t aftl_blob_remaining) {
   avb_assert(icp_entry);
   avb_assert(aftl_blob);
-  avb_assert(aftl_blob_remaining >= AVB_AFTL_MIN_TLRD_SIZE);
   uint8_t* blob_end = *aftl_blob + aftl_blob_remaining;
+  if (*aftl_blob > blob_end) {
+    return false;
+  }
 
   /* Copy in the version field from the blob. */
   if (!read_u16(
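Review bot: The new `if (*aftl_blob > blob_end)` guard tests for wrap-around only after `*aftl_blob + aftl_blob_remaining` has been evaluated. Forming a pointer beyond the end of the object is undefined behaviour in C, so an optimising compiler may treat the comparison as always false and remove it. The same pattern is added in the two later hunks that derive `blob_end` from `icp_entry->annotation_leaf_size` and from `*remaining_size`; in all three the length should be validated as an integer before the addition. This hunk also drops the `AVB_AFTL_MIN_TLRD_SIZE` lower bound instead of converting it, so I would keep it as `if (aftl_blob_remaining < AVB_AFTL_MIN_TLRD_SIZE) return false;` ahead of the `blob_end` computation, unless the `read_u16` calls that follow (outside the hunk) already bound every read. `avb_assert(icp_entry)` and `avb_assert(aftl_blob)` are left as asserts, which does not match the commit title.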
@@ -563,8 +565,9 @@
                                   uint8_t** aftl_blob) {
   SignedVBMetaPrimaryAnnotationLeaf* leaf;
   uint8_t* blob_end = *aftl_blob + icp_entry->annotation_leaf_size;
-
-  avb_assert(*aftl_blob < blob_end);
+  if (*aftl_blob > blob_end) {
+    return false;
+  }
 
   leaf = (SignedVBMetaPrimaryAnnotationLeaf*)avb_calloc(
       sizeof(SignedVBMetaPrimaryAnnotationLeaf));
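Review bot: The replacement check is weaker than the assert it removes: `avb_assert(*aftl_blob < blob_end)` rejected an empty leaf, while `if (*aftl_blob > blob_end)` lets `annotation_leaf_size == 0` through to the allocation and parsing below. If a zero-length annotation leaf is not valid input, reject it explicitly with `if (icp_entry->annotation_leaf_size == 0) return false;`. `annotation_leaf_size` also appears to come from the parsed entry, and nothing in the visible lines compares it with the bytes actually left in the blob, so confirm that is done before this function is called. The function body continues outside the hunk.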
@@ -612,8 +615,9 @@
   AftlIcpEntry* icp_entry;
   uint8_t* blob_start = *aftl_blob;
   uint8_t* blob_end = *aftl_blob + *remaining_size;
-
-  avb_assert(blob_start < blob_end);
+  if (*aftl_blob > blob_end) {
+    return NULL;
+  }
 
   if (*remaining_size < AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE) {
     avb_error("Invalid AftlImage\n");
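Review bot: This early `return NULL` is silent, while the size check immediately below logs `avb_error("Invalid AftlImage\n")` before failing, so a blob rejected on this path leaves no trace for whoever debugs a verification failure. Add the same `avb_error("Invalid AftlImage\n");` inside the new block. The guard could also read `blob_start > blob_end`, since `blob_start` already holds `*aftl_blob` and the removed assert used it. The enclosing function begins and ends outside the hunk.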
@@ -807,7 +811,10 @@
   size_t remaining_size;
 
   /* Ensure the blob is at least large enough for an AftlImageHeader */
-  avb_assert(aftl_blob_size >= sizeof(AftlImageHeader));
+  if (aftl_blob_size < sizeof(AftlImageHeader)) {
+    avb_error("Invalid image header.\n");
+    return NULL;
+  }
   image_header = (AftlImageHeader*)aftl_blob;
   /* Check for the magic value for an AftlImageHeader. */
   if (image_header->magic != AVB_AFTL_MAGIC) {
@@ -816,9 +823,11 @@
   }
   /* Extract the size out of the header. */
   image_size = avb_be32toh(image_header->image_size);
-  if (image_size > AVB_AFTL_MAX_AFTL_IMAGE_SIZE) return NULL;
-  avb_assert(image_size >= sizeof(AftlImageHeader) &&
-             image_size < AVB_AFTL_MAX_AFTL_IMAGE_SIZE);
+  if (image_size < sizeof(AftlImageHeader) ||
+      image_size > AVB_AFTL_MAX_AFTL_IMAGE_SIZE) {
+    avb_error("Invalid image size.\n");
+    return NULL;
+  }
   image = (AftlImage*)avb_calloc(sizeof(AftlImage));
   if (!image) {
     avb_error("Failed allocation for AftlImage.\n");
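Review bot: `image_size` is taken from the header and checked only against `sizeof(AftlImageHeader)` and `AVB_AFTL_MAX_AFTL_IMAGE_SIZE`; the visible lines never compare it with `aftl_blob_size`, the length the caller actually supplied. If the rest of the function (outside the hunk) uses `image_size` to bound parsing, a header that overstates the size would let reads run past the caller's buffer, so I would extend the condition with `|| image_size > aftl_blob_size`. Note also that `image_size == AVB_AFTL_MAX_AFTL_IMAGE_SIZE` is now accepted, where the removed assert required strictly less; confirm that is intended.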