commit cfb916e53e0301ce65265c32f1950ca696d099fb
author Ryan Mitchell <rtmitchell@google.com> Thu May 27 12:34:52 2021 -0700
committer Ryan Mitchell <rtmitchell@google.com> Thu May 27 12:41:36 2021 -0700
tree 4ca9cb2837191135c00ae8fc175cb5fa7197bef4
parent 72cd5f15528e6b930fadfdef1d79722ea7ff02e7

Verify presence of _FileAsset::getBuffer data

Rather than attempt to remove all users of Asset::getBuffer (which
includes AssetManager(1), aapt(1), and other places) and migrate  them
to use Asset::getIncFsBuffer, verify the presence of all the data in
the buffer before returning a raw pointer to the buffer data to
guarantee callers will not unexpectedly get a SIGBUS due to incremental
installation.

Bug: 179254882
Test: builds
Change-Id: I24fd9036bc53a8c23166b5471862ee542630fb56

libs/androidfw/Asset.cpp

diff --git a/libs/androidfw/Asset.cpp b/libs/androidfw/Asset.cpp
index 4fbe4a3..43a70c1 100644
--- a/libs/androidfw/Asset.cpp
+++ b/libs/androidfw/Asset.cpp
@@ -594,7 +594,12 @@
  */
 const void* _FileAsset::getBuffer(bool aligned)
 {
-    return getIncFsBuffer(aligned).unsafe_ptr();
+    auto buffer = getIncFsBuffer(aligned);
+    if (mBuf != NULL)
+        return mBuf;
+    if (!buffer.convert<uint8_t>().verify(mLength))
+        return NULL;
+    return buffer.unsafe_ptr();
 }
 
 incfs::map_ptr<void> _FileAsset::getIncFsBuffer(bool aligned)

libs/androidfw/include/androidfw/Asset.h

diff --git a/libs/androidfw/include/androidfw/Asset.h b/libs/androidfw/include/androidfw/Asset.h
index 40c91a6..19febcd 100644
--- a/libs/androidfw/include/androidfw/Asset.h
+++ b/libs/androidfw/include/androidfw/Asset.h
@@ -91,7 +91,8 @@
      * Get a pointer to a buffer with the entire contents of the file.
      * If `aligned` is true, the buffer data will be aligned to a 4-byte boundary.
      *
-     * Use this function if the asset can never reside on IncFs.
+     * If the buffer contents reside on IncFs, the entire buffer will be scanned to ensure the
+     * presence of the data before returning a raw pointer to the buffer.
      */
     virtual const void* getBuffer(bool aligned) = 0;
 
@@ -99,7 +100,8 @@
      * Get a incfs::map_ptr<void> to a buffer with the entire contents of the file.
      * If `aligned` is true, the buffer data will be aligned to a 4-byte boundary.
      *
-     * Use this function if the asset can potentially reside on IncFs.
+     * Use this function if the asset can potentially reside on IncFs to avoid the scanning of the
+     * buffer contents done in Asset::getBuffer.
      */
     virtual incfs::map_ptr<void> getIncFsBuffer(bool aligned) = 0;