Merge cherrypicks of [5027797, 5027798, 5029209, 5030032, 5023135, 5028893, 5028915, 5028916, 5028917, 5028948, 5028949, 5028950, 5030131, 5030132, 5030133, 5030134, 5030135, 5028894, 5028918, 5030033, 5023136, 5030136, 5029210, 5030171, 5030172, 5030173, 5030174, 5030175, 5030176, 5030177, 5030178, 5030179, 5030180, 5029076, 5029077, 5029078, 5029079, 5029080, 5029081, 5029082, 5029083, 5029084, 5029085, 5029086, 5029087, 5029088, 5029089, 5029090, 5030211, 5030212, 5030213, 5030214, 5030215, 5030216, 5030217, 5020440, 5020441, 5020442, 5030137, 5030034, 5020443, 5030138, 5029124, 5027799, 5029125, 5029126, 5029127, 5023137, 5030139, 5030140, 5029132, 5030141, 5030142, 5030143, 5030181, 5030182, 5030183, 5030184, 5030185, 5030186, 5030187, 5030188, 5030189, 5030190, 5030231, 5030232, 5030233, 5030234, 5030235, 5030236, 5030237, 5030238, 5030239, 5030240, 5030241, 5030242, 5030243, 5030244, 5030245, 5030246, 5030247, 5030248, 5030249, 5030250, 5030271, 5030272, 5030273, 5030274, 5030275, 5030276, 5030277, 5030278, 5030279, 5030280, 5030281, 5020444, 5027800, 5030144] into nyc-bugfix-release
Change-Id: Id0c4cb5e5a9751a04ea51f18df49e9231e7912af
diff --git a/libutils/String16.cpp b/libutils/String16.cpp
index 65396ca..8001889 100644
--- a/libutils/String16.cpp
+++ b/libutils/String16.cpp
@@ -84,6 +84,23 @@
return getEmptyString();
}
+static char16_t* allocFromUTF16(const char16_t* u16str, size_t u16len) {
+ if (u16len >= SIZE_MAX / sizeof(char16_t)) {
+ android_errorWriteLog(0x534e4554, "73826242");
+ abort();
+ }
+
+ SharedBuffer* buf = SharedBuffer::alloc((u16len + 1) * sizeof(char16_t));
+ ALOG_ASSERT(buf, "Unable to allocate shared buffer");
+ if (buf) {
+ char16_t* str = (char16_t*)buf->data();
+ memcpy(str, u16str, u16len * sizeof(char16_t));
+ str[u16len] = 0;
+ return str;
+ }
+ return getEmptyString();
+}
+
// ---------------------------------------------------------------------------
String16::String16()
@@ -116,35 +133,9 @@
setTo(o, len, begin);
}
-String16::String16(const char16_t* o)
-{
- size_t len = strlen16(o);
- SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t));
- ALOG_ASSERT(buf, "Unable to allocate shared buffer");
- if (buf) {
- char16_t* str = (char16_t*)buf->data();
- strcpy16(str, o);
- mString = str;
- return;
- }
-
- mString = getEmptyString();
-}
+String16::String16(const char16_t* o) : mString(allocFromUTF16(o, strlen16(o))) {}
-String16::String16(const char16_t* o, size_t len)
-{
- SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t));
- ALOG_ASSERT(buf, "Unable to allocate shared buffer");
- if (buf) {
- char16_t* str = (char16_t*)buf->data();
- memcpy(str, o, len*sizeof(char16_t));
- str[len] = 0;
- mString = str;
- return;
- }
-
- mString = getEmptyString();
-}
+String16::String16(const char16_t* o, size_t len) : mString(allocFromUTF16(o, len)) {}
String16::String16(const String8& o)
: mString(allocFromUTF8(o.string(), o.size()))
@@ -206,6 +197,11 @@
status_t String16::setTo(const char16_t* other, size_t len)
{
+ if (len >= SIZE_MAX / sizeof(char16_t)) {
+ android_errorWriteLog(0x534e4554, "73826242");
+ abort();
+ }
+
SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
->editResize((len+1)*sizeof(char16_t));
if (buf) {
@@ -228,7 +224,12 @@
} else if (otherLen == 0) {
return NO_ERROR;
}
-
+
+ if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {
+ android_errorWriteLog(0x534e4554, "73826242");
+ abort();
+ }
+
SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
->editResize((myLen+otherLen+1)*sizeof(char16_t));
if (buf) {
@@ -249,7 +250,12 @@
} else if (otherLen == 0) {
return NO_ERROR;
}
-
+
+ if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {
+ android_errorWriteLog(0x534e4554, "73826242");
+ abort();
+ }
+
SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
->editResize((myLen+otherLen+1)*sizeof(char16_t));
if (buf) {
