Add checking for sparse file format Sparse file can come from an untrusted source. Need more checking to ensure that it is not a malformed file and would not cause any OOB read access. Update fuzz test for decoding also. Test: adb reboot fastboot fuzzy_fastboot --gtest_filter=Fuzz.Sparse* fuzzy_fastboot --gtest_filter=Conformance.Sparse* sparse_fuzzer Bug: 212705418 Change-Id: I7622df307bb00e59faaba8bb2c67cb474cffed8e

commit: a3b72067de65d37d8b646e699b900e984d70165d [log] [tgz]
author: Keith Mok <keithmok@google.com> Fri Dec 31 05:09:32 2021 +0000
committer: Keith Mok <keithmok@google.com> Fri Jan 14 00:37:48 2022 +0000
tree: 0e3c901d3fcb4285f2778a95285e3686e5093f0d
parent: e060580c31630d325323ee4341be9d30072387b1 [diff] [blame]
diff --git a/fastboot/device/flashing.cpp b/fastboot/device/flashing.cpp
index 7bef72a..44dc81f 100644
--- a/fastboot/device/flashing.cpp
+++ b/fastboot/device/flashing.cpp

@@ -119,9 +119,11 @@
 }
 
 int FlashSparseData(int fd, std::vector<char>& downloaded_data) {
-    struct sparse_file* file = sparse_file_import_buf(downloaded_data.data(), true, false);
+    struct sparse_file* file = sparse_file_import_buf(downloaded_data.data(),
+                                                      downloaded_data.size(), true, false);
     if (!file) {
-        return -ENOENT;
+        // Invalid sparse format
+        return -EINVAL;
     }
     return sparse_file_callback(file, false, false, WriteCallback, reinterpret_cast<void*>(fd));
 }
commit	a3b72067de65d37d8b646e699b900e984d70165d	[log] [tgz]
author	Keith Mok <keithmok@google.com>	Fri Dec 31 05:09:32 2021 +0000
committer	Keith Mok <keithmok@google.com>	Fri Jan 14 00:37:48 2022 +0000
tree	0e3c901d3fcb4285f2778a95285e3686e5093f0d
parent	e060580c31630d325323ee4341be9d30072387b1 [diff] [blame]