ab8a50473c55a29103f1ad71cb1fda6bbac884cb - platform_system_keymaster

commit	ab8a50473c55a29103f1ad71cb1fda6bbac884cb	[log] [tgz]
author	Eran Messeri <eranm@google.com>	Thu Oct 21 10:21:29 2021 +0100
committer	Eran Messeri <eranm@google.com>	Thu Oct 21 10:29:28 2021 +0100
tree	442d8fb7602e5a15069e8d90b1f8872bc53c3656
parent	c25875ba8f458aaf9b31cc5196522aa67b3f4a48 [diff]

Improved signedness check in Keymaster buffer

Per suggestion in another code review, use __builtin_add_overflow
to add the distance to the write position, rather than direct add.

This would prevent potentially triggering integer overflow sanitizer
(which might abort() execution).

To test:
m libkeymaster_fuzz_buffer
Push to /data/fuzzer on-device
Push
clusterfuzz-testcase-minimized-libkeymaster_fuzz_buffer-5372592199434240
to the same directory

Ignore-AOSP-First: Security fix
Test: Run libkeymaster_fuzz_buffer on clusterfuzz-testcase-minimized-libkeymaster_fuzz_buffer-5372592199434240
Bug: 173567719
Change-Id: Iac339f68678966e0f4ed3fd13790a4fa6074e56f

android_keymaster/serializable.cpp[diff]

1 file changed