summaryrefslogtreecommitdiffstats
path: root/updater
diff options
context:
space:
mode:
Diffstat (limited to 'updater')
-rw-r--r--updater/Android.mk4
-rw-r--r--updater/blockimg.c81
-rw-r--r--updater/install.c5
3 files changed, 79 insertions, 11 deletions
diff --git a/updater/Android.mk b/updater/Android.mk
index ff02a33b0..a0ea06fa5 100644
--- a/updater/Android.mk
+++ b/updater/Android.mk
@@ -17,6 +17,8 @@ include $(CLEAR_VARS)
# needed only for OTA packages.)
LOCAL_MODULE_TAGS := eng
+LOCAL_CLANG := true
+
LOCAL_SRC_FILES := $(updater_src_files)
ifeq ($(TARGET_USERIMAGES_USE_EXT4), true)
@@ -32,7 +34,7 @@ endif
LOCAL_STATIC_LIBRARIES += $(TARGET_RECOVERY_UPDATER_LIBS) $(TARGET_RECOVERY_UPDATER_EXTRA_LIBS)
LOCAL_STATIC_LIBRARIES += libapplypatch libedify libmtdutils libminzip libz
LOCAL_STATIC_LIBRARIES += libmincrypt libbz
-LOCAL_STATIC_LIBRARIES += libcutils liblog libstdc++ libc
+LOCAL_STATIC_LIBRARIES += libcutils liblog libc
LOCAL_STATIC_LIBRARIES += libselinux
tune2fs_static_libraries := \
libext2_com_err \
diff --git a/updater/blockimg.c b/updater/blockimg.c
index e18480062..fc35abe4d 100644
--- a/updater/blockimg.c
+++ b/updater/blockimg.c
@@ -60,30 +60,91 @@ typedef struct {
int pos[0];
} RangeSet;
+#define RANGESET_MAX_POINTS \
+ ((int)((INT_MAX / sizeof(int)) - sizeof(RangeSet)))
+
static RangeSet* parse_range(char* text) {
char* save;
- int num;
- num = strtol(strtok_r(text, ",", &save), NULL, 0);
+ char* token;
+ int i, num;
+ long int val;
+ RangeSet* out = NULL;
+ size_t bufsize;
- RangeSet* out = malloc(sizeof(RangeSet) + num * sizeof(int));
- if (out == NULL) {
- fprintf(stderr, "failed to allocate range of %zu bytes\n",
- sizeof(RangeSet) + num * sizeof(int));
- exit(1);
+ if (!text) {
+ goto err;
+ }
+
+ token = strtok_r(text, ",", &save);
+
+ if (!token) {
+ goto err;
+ }
+
+ val = strtol(token, NULL, 0);
+
+ if (val < 2 || val > RANGESET_MAX_POINTS) {
+ goto err;
+ } else if (val % 2) {
+ goto err; // must be even
+ }
+
+ num = (int) val;
+ bufsize = sizeof(RangeSet) + num * sizeof(int);
+
+ out = malloc(bufsize);
+
+ if (!out) {
+ fprintf(stderr, "failed to allocate range of %zu bytes\n", bufsize);
+ goto err;
}
+
out->count = num / 2;
out->size = 0;
- int i;
+
for (i = 0; i < num; ++i) {
- out->pos[i] = strtol(strtok_r(NULL, ",", &save), NULL, 0);
- if (i%2) {
+ token = strtok_r(NULL, ",", &save);
+
+ if (!token) {
+ goto err;
+ }
+
+ val = strtol(token, NULL, 0);
+
+ if (val < 0 || val > INT_MAX) {
+ goto err;
+ }
+
+ out->pos[i] = (int) val;
+
+ if (i % 2) {
+ if (out->pos[i - 1] >= out->pos[i]) {
+ goto err; // empty or negative range
+ }
+
+ if (out->size > INT_MAX - out->pos[i]) {
+ goto err; // overflow
+ }
+
out->size += out->pos[i];
} else {
+ if (out->size < 0) {
+ goto err;
+ }
+
out->size -= out->pos[i];
}
}
+ if (out->size <= 0) {
+ goto err;
+ }
+
return out;
+
+err:
+ fprintf(stderr, "failed to parse range '%s'\n", text ? text : "NULL");
+ exit(1);
}
static int range_overlaps(RangeSet* r1, RangeSet* r2) {
diff --git a/updater/install.c b/updater/install.c
index 01a5dd24b..4a0e064c3 100644
--- a/updater/install.c
+++ b/updater/install.c
@@ -61,6 +61,11 @@ void uiPrint(State* state, char* buffer) {
line = strtok(NULL, "\n");
}
fprintf(ui->cmd_pipe, "ui_print\n");
+
+ // The recovery will only print the contents to screen for pipe command
+ // ui_print. We need to dump the contents to stderr (which has been
+ // redirected to the log file) directly.
+ fprintf(stderr, "%s", buffer);
}
__attribute__((__format__(printf, 2, 3))) __nonnull((2))