Fix copyFrom overflow when arg is UINT32_MAX. hidl_string's copyFrom method is actually allocating size + 1 in order to allocate space for the extra '\0'. This fixes the OBO in the check to avoid overflow. Fixes: 68197287 Test: libhidl_Test Change-Id: Ic455b9931d7068fb9d19775baba2f424a08182e3

commit: 98893802c24dc810b7952bec85a3c7017b26352b [log] [tgz]
author: Steven Moreland <smoreland@google.com> Tue Oct 24 18:12:34 2017 -0700
committer: Steven Moreland <smoreland@google.com> Tue Oct 24 18:14:31 2017 -0700
tree: 4fdf7700e7cecbbb743d9e38645c10f9693abdff
parent: 3f8c4164067e0239c7f1cdd020d397ce42a9e641 [diff] [blame]
diff --git a/base/HidlSupport.cpp b/base/HidlSupport.cpp
index f857281..aec3fed 100644
--- a/base/HidlSupport.cpp
+++ b/base/HidlSupport.cpp

@@ -217,7 +217,7 @@
 void hidl_string::copyFrom(const char *data, size_t size) {
     // assume my resources are freed.
 
-    if (size > UINT32_MAX) {
+    if (size >= UINT32_MAX) {
         LOG(FATAL) << "string size can't exceed 2^32 bytes: " << size;
     }
     char *buf = (char *)malloc(size + 1);
commit	98893802c24dc810b7952bec85a3c7017b26352b	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Tue Oct 24 18:12:34 2017 -0700
committer	Steven Moreland <smoreland@google.com>	Tue Oct 24 18:14:31 2017 -0700
tree	4fdf7700e7cecbbb743d9e38645c10f9693abdff
parent	3f8c4164067e0239c7f1cdd020d397ce42a9e641 [diff] [blame]