commit 1a918d0233c6b11f86280065da9bb044a15f3b1b
author android-build-team Robot <android-build-team-robot@google.com> Fri Apr 13 22:22:22 2018 +0000
committer android-build-team Robot <android-build-team-robot@google.com> Fri Apr 13 22:22:22 2018 +0000
tree 11d5e9d6bbaef903597d9399008459a678b834c7
parent f994033f998c0bd5f8815f151a648087e9b7a4f4
parent c13071f95b50d5a9c7e5fdd916b9a42ee5c5b74b

Merge cherrypicks of [3898864, 3898788, 3898789, 3898836, 3898617, 3898865, 3898683, 3898866, 3898867, 3897560, 3898868, 3898790, 3898791, 3898792, 3898793, 3898794, 3898048, 3898049, 3898050, 3897937, 3897938, 3897867, 3897868, 3897939, 3898869, 3898978, 3898799, 3898763] into sparse-4669640-L25700000163305736

Change-Id: Ibf3bee67113234976700566cd6be7e7c45937f25

libutils/String16.cpp

diff --git a/libutils/String16.cpp b/libutils/String16.cpp
index ad335c3..e8f1c51 100644
--- a/libutils/String16.cpp
+++ b/libutils/String16.cpp
@@ -79,6 +79,23 @@
     return getEmptyString();
 }
 
+static char16_t* allocFromUTF16(const char16_t* u16str, size_t u16len) {
+    if (u16len >= SIZE_MAX / sizeof(char16_t)) {
+        android_errorWriteLog(0x534e4554, "73826242");
+        abort();
+    }
+
+    SharedBuffer* buf = SharedBuffer::alloc((u16len + 1) * sizeof(char16_t));
+    ALOG_ASSERT(buf, "Unable to allocate shared buffer");
+    if (buf) {
+        char16_t* str = (char16_t*)buf->data();
+        memcpy(str, u16str, u16len * sizeof(char16_t));
+        str[u16len] = 0;
+        return str;
+    }
+    return getEmptyString();
+}
+
 // ---------------------------------------------------------------------------
 
 String16::String16()
@@ -111,35 +128,9 @@
     setTo(o, len, begin);
 }
 
-String16::String16(const char16_t* o)
-{
-    size_t len = strlen16(o);
-    SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t));
-    ALOG_ASSERT(buf, "Unable to allocate shared buffer");
-    if (buf) {
-        char16_t* str = (char16_t*)buf->data();
-        strcpy16(str, o);
-        mString = str;
-        return;
-    }
+String16::String16(const char16_t* o) : mString(allocFromUTF16(o, strlen16(o))) {}
 
-    mString = getEmptyString();
-}
-
-String16::String16(const char16_t* o, size_t len)
-{
-    SharedBuffer* buf = SharedBuffer::alloc((len+1)*sizeof(char16_t));
-    ALOG_ASSERT(buf, "Unable to allocate shared buffer");
-    if (buf) {
-        char16_t* str = (char16_t*)buf->data();
-        memcpy(str, o, len*sizeof(char16_t));
-        str[len] = 0;
-        mString = str;
-        return;
-    }
-
-    mString = getEmptyString();
-}
+String16::String16(const char16_t* o, size_t len) : mString(allocFromUTF16(o, len)) {}
 
 String16::String16(const String8& o)
     : mString(allocFromUTF8(o.string(), o.size()))
@@ -201,6 +192,11 @@
 
 status_t String16::setTo(const char16_t* other, size_t len)
 {
+    if (len >= SIZE_MAX / sizeof(char16_t)) {
+        android_errorWriteLog(0x534e4554, "73826242");
+        abort();
+    }
+
     SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
         ->editResize((len+1)*sizeof(char16_t));
     if (buf) {
@@ -224,6 +220,11 @@
         return NO_ERROR;
     }
 
+    if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {
+        android_errorWriteLog(0x534e4554, "73826242");
+        abort();
+    }
+
     SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
         ->editResize((myLen+otherLen+1)*sizeof(char16_t));
     if (buf) {
@@ -245,6 +246,11 @@
         return NO_ERROR;
     }
 
+    if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {
+        android_errorWriteLog(0x534e4554, "73826242");
+        abort();
+    }
+
     SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
         ->editResize((myLen+otherLen+1)*sizeof(char16_t));
     if (buf) {