1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include "androidfw/Chunk.h" 18 19 #include "android-base/logging.h" 20 21 namespace android { 22 23 Chunk ChunkIterator::Next() { 24 CHECK(len_ != 0) << "called Next() after last chunk"; 25 26 const ResChunk_header* this_chunk = next_chunk_; 27 28 // We've already checked the values of this_chunk, so safely increment. 29 next_chunk_ = reinterpret_cast<const ResChunk_header*>( 30 reinterpret_cast<const uint8_t*>(this_chunk) + dtohl(this_chunk->size)); 31 len_ -= dtohl(this_chunk->size); 32 33 if (len_ != 0) { 34 // Prepare the next chunk. 35 if (VerifyNextChunkNonFatal()) { 36 VerifyNextChunk(); 37 } 38 } 39 return Chunk(this_chunk); 40 } 41 42 // TODO(b/111401637) remove this and have full resource file verification 43 // Returns false if there was an error. 44 bool ChunkIterator::VerifyNextChunkNonFatal() { 45 if (len_ < sizeof(ResChunk_header)) { 46 last_error_ = "not enough space for header"; 47 last_error_was_fatal_ = false; 48 return false; 49 } 50 const size_t size = dtohl(next_chunk_->size); 51 if (size > len_) { 52 last_error_ = "chunk size is bigger than given data"; 53 last_error_was_fatal_ = false; 54 return false; 55 } 56 return true; 57 } 58 59 // Returns false if there was an error. 60 bool ChunkIterator::VerifyNextChunk() { 61 const uintptr_t header_start = reinterpret_cast<uintptr_t>(next_chunk_); 62 63 // This data must be 4-byte aligned, since we directly 64 // access 32-bit words, which must be aligned on 65 // certain architectures. 66 if (header_start & 0x03) { 67 last_error_ = "header not aligned on 4-byte boundary"; 68 return false; 69 } 70 71 if (len_ < sizeof(ResChunk_header)) { 72 last_error_ = "not enough space for header"; 73 return false; 74 } 75 76 const size_t header_size = dtohs(next_chunk_->headerSize); 77 const size_t size = dtohl(next_chunk_->size); 78 if (header_size < sizeof(ResChunk_header)) { 79 last_error_ = "header size too small"; 80 return false; 81 } 82 83 if (header_size > size) { 84 last_error_ = "header size is larger than entire chunk"; 85 return false; 86 } 87 88 if (size > len_) { 89 last_error_ = "chunk size is bigger than given data"; 90 return false; 91 } 92 93 if ((size | header_size) & 0x03) { 94 last_error_ = "header sizes are not aligned on 4-byte boundary"; 95 return false; 96 } 97 return true; 98 } 99 100 } // namespace android 101
