update_engine: Fix ubsan error for undefined-behavior
The error:
"runtime error: applying non-zero offset 224 to null pointer"
Incrementing past the |std::vector<T>::end()| is undefined behavior,
hence we must check before assigning the |second| variable based off of
|first| because |first| may be |std::vector<T>::end()|.
BUG=chromium:1067975
TEST=USE="${USE} ubsan" FEATURES=test P2_TEST_FILTER=*EmptyFilesystemTest*-*RunAsRoot* emerge-$B update_engine
Change-Id: I9fb2a213464755c4cf115dc5ba3e658a927d0262
Reviewed-on: https://chromium-review.googlesource.com/c/aosp/platform/system/update_engine/+/2210979
Tested-by: Jae Hoon Kim <kimjae@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>
Commit-Queue: Jae Hoon Kim <kimjae@chromium.org>
diff --git a/payload_generator/squashfs_filesystem.cc b/payload_generator/squashfs_filesystem.cc
index 234a587..eb4fda3 100644
--- a/payload_generator/squashfs_filesystem.cc
+++ b/payload_generator/squashfs_filesystem.cc
@@ -200,7 +200,8 @@
// If there is any overlap between two consecutive extents, remove them. Here
// we are assuming all files have exactly one extent. If this assumption
// changes then this implementation needs to change too.
- for (auto first = files_.begin(), second = first + 1;
+ for (auto first = files_.begin(),
+ second = first + (first == files_.end() ? 0 : 1);
first != files_.end() && second != files_.end();
second = first + 1) {
auto first_begin = first->extents[0].start_block();
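Review bot: the step expression `second = first + 1` on the unchanged context line of this loop is still unguarded; only the initializer is protected by the new ternary. The step runs before the `first != files_.end()` condition is re-checked, so if the loop body (not visible in this hunk) can ever leave `first` equal to `files_.end()`, the same past-the-end increment that UBSan flagged would occur there. Please confirm the body cannot do that, or guard the step the same way. For readability, an early exit on `files_.empty()` ahead of the loop, with `second` initialized as plain `first + 1`, would be easier to follow than `first + (first == files_.end() ? 0 : 1)` inside the for-init. A one-line comment naming the empty-vector case would also record why the guard exists.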