author | yixuanjiang <yixuanjiang@google.com> | 2023-10-03 20:16:55 +0800 |
---|---|---|
committer | Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> | 2023-10-12 02:37:17 +0000 |
commit | 6c07bf70500e2163fb6654a16780eabe63000d12 (patch) | |
tree | 1cbd46c727360e143cbf417b8d7232ee77069bcd | |
parent | 89b5a47bfcce5de1d5a885087dde90d4c97f858e (diff) | |
download | aoc-6c07bf70500e2163fb6654a16780eabe63000d12.tar.gz |
aoc: prevent out of range on find_ramdump_section
When coredump is corrupt, the value of num_sections
from ramdump_header may be larger than the number of
sections. Out of range access will cause the KP.
Bug: 302929196
Change-Id: I423886cb8223617d84cf1b21231a914c70a30dd2
Signed-off-by: yixuanjiang <yixuanjiang@google.com>
-rw-r--r-- | aoc.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -2556,6 +2556,9 @@ static struct aoc_section_header *find_ramdump_section(struct aoc_ramdump_header { int i; + if (ramdump_header->num_sections != RAMDUMP_NUM_SECTIONS) + return NULL; + for (i = 0; i < ramdump_header->num_sections; i++) if (ramdump_header->sections[i].type == section_type) return &ramdump_header->sections[i]; |
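Review bot: The new guard at the top of find_ramdump_section() tests `ramdump_header->num_sections != RAMDUMP_NUM_SECTIONS`, but the loop that follows still re-reads `ramdump_header->num_sections` as its bound. Once equality has been established, the loop can iterate to the constant instead (`for (i = 0; i < RAMDUMP_NUM_SECTIONS; i++)`), so the bound no longer depends on a second read of a header the commit message describes as possibly corrupt. Two smaller points: the commit message only describes the count being too large, so a short comment saying that any count other than RAMDUMP_NUM_SECTIONS is treated as corruption would explain why `!=` is used rather than `>`; and the early `return NULL` is silent, so a one-line log of the unexpected count would help tell a corrupt header apart from a section type that is simply absent. The callers are not visible in this hunk, so it is worth confirming that each one handles a NULL return.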