commit 9b6abd50d8463ba1db5a2dce8c2ebca8d3f2d3a7
author Christopher Ferris <cferris@google.com> Thu Oct 01 18:39:33 2020 -0700
committer Christopher Ferris <cferris@google.com> Thu Oct 01 18:40:44 2020 -0700
tree 5326d61ce51e86167e798360c324b0ad1c4a9a4d
parent 8ba33eb34ba0c0acb3cc9273eadc34ed1ff9047b

Fix an error when overflows occur.

Bug: 169657723

Test: Ran original test case and verified it does not leak.
Change-Id: I7a315bc3a2c380c207696ce06cc4aeb5b27937ac

libunwindstack/tests/fuzz/UnwinderComponentCreator.cpp

diff --git a/libunwindstack/tests/fuzz/UnwinderComponentCreator.cpp b/libunwindstack/tests/fuzz/UnwinderComponentCreator.cpp
index 9c5374a..65052b6 100644
--- a/libunwindstack/tests/fuzz/UnwinderComponentCreator.cpp
+++ b/libunwindstack/tests/fuzz/UnwinderComponentCreator.cpp
@@ -116,8 +116,12 @@
 
 static constexpr size_t kPageSize = 4096;
 
-static constexpr uint64_t AlignToPage(uint64_t address) {
-  return (address + kPageSize - 1) & ~(kPageSize - 1);
+static inline bool AlignToPage(uint64_t address, uint64_t* aligned_address) {
+  if (__builtin_add_overflow(address, kPageSize - 1, aligned_address)) {
+    return false;
+  }
+  *aligned_address &= ~(kPageSize - 1);
+  return true;
 }
 
 std::unique_ptr<Maps> GetMaps(FuzzedDataProvider* data_provider) {
@@ -125,8 +129,16 @@
   std::map<uint64_t, uint64_t> map_ends;
   uint8_t entry_count = data_provider->ConsumeIntegralInRange<uint8_t>(0, kMaxMapEntryCount);
   for (uint8_t i = 0; i < entry_count; i++) {
-    uint64_t start = AlignToPage(data_provider->ConsumeIntegral<uint64_t>());
-    uint64_t end = AlignToPage(data_provider->ConsumeIntegralInRange<uint64_t>(start, UINT64_MAX));
+    uint64_t start;
+    if (!AlignToPage(data_provider->ConsumeIntegral<uint64_t>(), &start)) {
+      // Overflowed.
+      continue;
+    }
+    uint64_t end;
+    if (!AlignToPage(data_provider->ConsumeIntegralInRange<uint64_t>(start, UINT64_MAX), &end)) {
+      // Overflowed.
+      continue;
+    }
     if (start == end) {
       // It's impossible to see start == end in the real world, so
       // make sure the map contains at least one page of data.
@@ -142,7 +154,11 @@
     }
     map_ends[end] = start;
 
-    uint64_t offset = AlignToPage(data_provider->ConsumeIntegral<uint64_t>());
+    uint64_t offset;
+    if (!AlignToPage(data_provider->ConsumeIntegral<uint64_t>(), &offset)) {
+      // Overflowed.
+      continue;
+    }
     std::string map_info_name = data_provider->ConsumeRandomLengthString(kMaxMapInfoNameLen);
     uint8_t flags = PROT_READ | PROT_WRITE;