AAPT2: Fix parsing ResTable_type
ResTable_type's size changes due to it containing
ResTable_config. Make sure we check for the minimum size
required to read it.
Bug: 35861796
Test: Manual (don't have an integration test harness setup yet)
Change-Id: Ifb0cd1d732625f59835c8ed0449adb78129636de
diff --git a/tools/aapt2/unflatten/BinaryResourceParser.cpp b/tools/aapt2/unflatten/BinaryResourceParser.cpp
index 9158bdd..66bcfa0 100644
--- a/tools/aapt2/unflatten/BinaryResourceParser.cpp
+++ b/tools/aapt2/unflatten/BinaryResourceParser.cpp
@@ -313,7 +313,9 @@
return false;
}
- const ResTable_type* type = ConvertTo<ResTable_type>(chunk);
+ // Specify a manual size, because ResTable_type contains ResTable_config, which changes
+ // a lot and has its own code to handle variable size.
+ const ResTable_type* type = ConvertTo<ResTable_type, kResTableTypeMinSize>(chunk);
if (!type) {
context_->GetDiagnostics()->Error(DiagMessage(source_)
<< "corrupt ResTable_type chunk");
diff --git a/tools/aapt2/unflatten/ResChunkPullParser.h b/tools/aapt2/unflatten/ResChunkPullParser.h
index 437fc5c..5827753 100644
--- a/tools/aapt2/unflatten/ResChunkPullParser.h
+++ b/tools/aapt2/unflatten/ResChunkPullParser.h
@@ -78,9 +78,9 @@
std::string error_;
};
-template <typename T>
+template <typename T, size_t MinSize = sizeof(T)>
inline static const T* ConvertTo(const android::ResChunk_header* chunk) {
- if (util::DeviceToHost16(chunk->headerSize) < sizeof(T)) {
+ if (util::DeviceToHost16(chunk->headerSize) < MinSize) {
return nullptr;
}
return reinterpret_cast<const T*>(chunk);