auto import from //branches/cupcake_rel/...@138607
diff --git a/libcutils/array.c b/libcutils/array.c
index ff2c8ff..55ec055 100644
--- a/libcutils/array.c
+++ b/libcutils/array.c
@@ -18,8 +18,10 @@
#include <assert.h>
#include <stdlib.h>
#include <string.h>
+#include <limits.h>
#define INITIAL_CAPACITY (4)
+#define MAX_CAPACITY ((int)(UINT_MAX/sizeof(void*)))
struct Array {
void** contents;
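Review bot: MAX_CAPACITY is added without a comment saying what it bounds or why UINT_MAX is the base, while the capacity it limits is handled as an int (ensureCapacity copies array->capacity into an int). Suggest `// Largest element count whose byte size (count * sizeof(void*)) still fits in an unsigned int; ensureCapacity rejects larger requests.` above the define. Deriving it from INT_MAX would state the limit in the capacity field's own type; with 4- or 8-byte pointers both forms land in the same range, so either is workable as long as the choice is documented.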
@@ -45,13 +47,26 @@
static int ensureCapacity(Array* array, int capacity) {
int oldCapacity = array->capacity;
if (capacity > oldCapacity) {
- int newCapacity = (oldCapacity == 0) ? INITIAL_CAPACITY : oldCapacity * 2;
-
- // Keep doubling capacity until we surpass necessary capacity.
+ int newCapacity = (oldCapacity == 0) ? INITIAL_CAPACITY : oldCapacity;
+
+ // Ensure we're not doing something nasty
+ if (capacity > MAX_CAPACITY)
+ return -1;
+
+ // Keep doubling capacity until we surpass necessary capacity.
while (newCapacity < capacity) {
- newCapacity *= 2;
+ int newCap = newCapacity*2;
+ // Handle integer overflows
+ if (newCap < newCapacity || newCap > MAX_CAPACITY) {
+ newCap = MAX_CAPACITY;
+ }
+ newCapacity = newCap;
}
-
+
+ // Should not happen, but better be safe than sorry
+ if (newCapacity < 0 || newCapacity > MAX_CAPACITY)
+ return -1;
+
void** newContents;
if (array->contents == NULL) {
// Allocate new array.
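Review bot: The wrap test at `if (newCap < newCapacity || newCap > MAX_CAPACITY)` inspects the product only after `newCapacity*2` has been evaluated in signed int, and signed overflow is undefined behavior, so the compiler may assume `newCap < newCapacity` is never true and discard that half of the check. Given the `capacity > MAX_CAPACITY` guard above, the multiply likely cannot overflow in practice on 32- or 64-bit pointer platforms (newCapacity stays below MAX_CAPACITY, which is well under INT_MAX there), but the clamp should not be written as post-hoc wrap detection; compare before multiplying: `int newCap = (newCapacity > MAX_CAPACITY / 2) ? MAX_CAPACITY : newCapacity * 2;`, which yields the same clamp with no overflow to detect. The later `newCapacity < 0` check then has no reachable case. ensureCapacity's body continues past the end of the hunk.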
@@ -151,5 +166,5 @@
}
const void** arrayUnwrap(Array* array) {
- return array->contents;
+ return (const void**)array->contents;
}
diff --git a/libcutils/strdup8to16.c b/libcutils/strdup8to16.c
index 8654b04..63e5ca4 100644
--- a/libcutils/strdup8to16.c
+++ b/libcutils/strdup8to16.c
@@ -18,6 +18,7 @@
#include <cutils/jstring.h>
#include <assert.h>
#include <stdlib.h>
+#include <limits.h>
/* See http://www.unicode.org/reports/tr22/ for discussion
* on invalid sequences
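Review bot: The overflow check this commit adds in the next hunk (`SIZE_MAX/len < sizeof(char16_t)`) relies on SIZE_MAX, which C99 defines in <stdint.h>, not in the <limits.h> added here. Unless cutils/jstring.h already pulls <stdint.h> in transitively, SIZE_MAX is an undeclared identifier and the file will not compile; the added line should be `#include <stdint.h>` (keep <limits.h> only if something else in the file uses it).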
@@ -48,6 +49,10 @@
len = strlen8to16(s);
+ // fail on overflow
+ if (len && SIZE_MAX/len < sizeof(char16_t))
+ return NULL;
+
// no plus-one here. UTF-16 strings are not null terminated
ret = (char16_t *) malloc (sizeof(char16_t) * len);