Loosen resource file verification
Bug: 77808145
Test: Tried to install corrupt APK prior to the change, install failed
Test: Tried to install corrupt APK after the change, install succeeded
Test: atest CtsAppSecurityHostTestCases:CorruptApkTests
Change-Id: I19a69e52a17c1080beaf2cc575c32f564b1033a3
diff --git a/libs/androidfw/ChunkIterator.cpp b/libs/androidfw/ChunkIterator.cpp
index d8adbe5..8fc3219 100644
--- a/libs/androidfw/ChunkIterator.cpp
+++ b/libs/androidfw/ChunkIterator.cpp
@@ -32,11 +32,30 @@
if (len_ != 0) {
// Prepare the next chunk.
- VerifyNextChunk();
+ if (VerifyNextChunkNonFatal()) {
+ VerifyNextChunk();
+ }
}
return Chunk(this_chunk);
}
+// TODO(b/111401637) remove this and have full resource file verification
+// Returns false if there was an error.
+bool ChunkIterator::VerifyNextChunkNonFatal() {
+ if (len_ < sizeof(ResChunk_header)) {
+ last_error_ = "not enough space for header";
+ last_error_was_fatal_ = false;
+ return false;
+ }
+ const size_t size = dtohl(next_chunk_->size);
+ if (size > len_) {
+ last_error_ = "chunk size is bigger than given data";
+ last_error_was_fatal_ = false;
+ return false;
+ }
+ return true;
+}
+
// Returns false if there was an error.
bool ChunkIterator::VerifyNextChunk() {
const uintptr_t header_start = reinterpret_cast<uintptr_t>(next_chunk_);