bootctrl: fixed OOB read in BootControl Fixed OOB read in BootControl::isSlotMarkedSuccessful() by checking if "in_slot" is negative Flag: EXEMPT bugfix Test: tested on Husky device Bug: 353516777 Change-Id: I634c32a8c12403008fe5a724bc447f82931ae9c5 Signed-off-by: bgkim <bgkim@google.com>

commit: b584b9c7e081d803b32f0ff5f059573dfa6c0a0e [log] [tgz]
author: bgkim <bgkim@google.com> Wed Aug 28 12:38:34 2024 -0700
committer: bgkim <bgkim@google.com> Wed Aug 28 12:44:34 2024 -0700
tree: 7a3990f355fb109819fc215c83a0e0d63c9a2dc5
parent: a01bc1d315713b65dfc61251878ea51357d31836 [diff] [blame]
diff --git a/bootctrl/aidl/BootControl.cpp b/bootctrl/aidl/BootControl.cpp
index 83deb72..8655929 100644
--- a/bootctrl/aidl/BootControl.cpp
+++ b/bootctrl/aidl/BootControl.cpp

@@ -384,7 +384,7 @@
         *_aidl_return = true;
         return ScopedAStatus::ok();
     }
-    if (in_slot >= slots)
+    if (in_slot < 0 || in_slot >= slots)
         return ScopedAStatus::fromServiceSpecificErrorWithMessage(
                 INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
commit	b584b9c7e081d803b32f0ff5f059573dfa6c0a0e	[log] [tgz]
author	bgkim <bgkim@google.com>	Wed Aug 28 12:38:34 2024 -0700
committer	bgkim <bgkim@google.com>	Wed Aug 28 12:44:34 2024 -0700
tree	7a3990f355fb109819fc215c83a0e0d63c9a2dc5
parent	a01bc1d315713b65dfc61251878ea51357d31836 [diff] [blame]