add checks to avoid potential buffer overflows and prevent exceptions
The number_platform_modes value comes from another module (e.g.,
eModule->get_number_of_platform_modes(mModule)) and thus can be
a very large number. If such a number is used as the array size in a
new expression, the allocation can throw an exception as is.
Test: mma
Change-Id: I6cf6027804be980ad39c80a1571b284efabce7e8
diff --git a/power/1.0/default/Power.cpp b/power/1.0/default/Power.cpp
index 29594eb..820c410 100644
--- a/power/1.0/default/Power.cpp
+++ b/power/1.0/default/Power.cpp
@@ -78,7 +78,9 @@
number_platform_modes = mModule->get_number_of_platform_modes(mModule);
if (number_platform_modes > 0)
{
- voters = new size_t [number_platform_modes];
+ if (SIZE_MAX / sizeof(size_t) <= number_platform_modes) // overflow
+ goto done;
+ voters = new (std::nothrow) size_t [number_platform_modes];
if (voters == nullptr)
goto done;
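Review bot: The guard `if (SIZE_MAX / sizeof(size_t) <= number_platform_modes)` only keeps the byte-size computation from wrapping; it does not bound the count itself, so any module-supplied value below that threshold still requests a huge allocation and the code relies on `new (std::nothrow)` returning nullptr. Because the count comes from another module, consider also rejecting it against a documented upper limit for platform modes before allocating, and log the rejection so a misbehaving module is visible rather than silently skipped. The `// overflow` comment would be clearer as `// reject counts whose byte size would not fit in size_t`. The same pattern repeats for `legacy_states` in the second hunk; the `done` label and the declaration of `number_platform_modes` are outside both hunks, so it is worth confirming that these early exits do not report success with empty stats and that the comparison does not mix signed and unsigned operands.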
@@ -86,7 +88,11 @@
if (ret != 0)
goto done;
- legacy_states = new power_state_platform_sleep_state_t [number_platform_modes];
+ if (SIZE_MAX / sizeof(power_state_platform_sleep_state_t)
+ <= number_platform_modes) // overflow
+ goto done;
+ legacy_states = new (std::nothrow)
+ power_state_platform_sleep_state_t [number_platform_modes];
if (legacy_states == nullptr)
goto done;