Added extra safety in dexdump2 -d option around nonsense code.
Rationale:
Although it is hard to make this completely watertight against
"nonsense in", this extra safeguard prevents segfaulting on
run-away instructions.
Bug: 72874888
Test: dexdump suite
Change-Id: Ida26dd8b2c96f7c0ad9600b57039ee6dddbc2526
diff --git a/dexdump/dexdump.cc b/dexdump/dexdump.cc
index 01b28b5..8778b12 100644
--- a/dexdump/dexdump.cc
+++ b/dexdump/dexdump.cc
@@ -1176,14 +1176,20 @@
// Iterate over all instructions.
CodeItemDataAccessor accessor(*pDexFile, pCode);
+ const u4 maxPc = accessor.InsnsSizeInCodeUnits();
for (const DexInstructionPcPair& pair : accessor) {
+ const u4 dexPc = pair.DexPc();
+ if (dexPc >= maxPc) {
+ LOG(WARNING) << "GLITCH: run-away instruction at idx=0x" << std::hex << dexPc;
+ break;
+ }
const Instruction* instruction = &pair.Inst();
const u4 insnWidth = instruction->SizeInCodeUnits();
if (insnWidth == 0) {
- LOG(WARNING) << "GLITCH: zero-width instruction at idx=0x" << std::hex << pair.DexPc();
+ LOG(WARNING) << "GLITCH: zero-width instruction at idx=0x" << std::hex << dexPc;
break;
}
- dumpInstruction(pDexFile, pCode, codeOffset, pair.DexPc(), insnWidth, instruction);
+ dumpInstruction(pDexFile, pCode, codeOffset, dexPc, insnWidth, instruction);
} // for
}
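Review bot: The new `dexPc >= maxPc` guard only rejects an instruction whose start lies past the end of the code item; an instruction that starts inside but extends past it (`dexPc < maxPc` yet `dexPc + insnWidth > maxPc`) still reaches the `dumpInstruction` call at the bottom of the loop, and any operand decoding done there would presumably read code units beyond `maxPc` before the next iteration's check fires. Since `dexPc < maxPc` already holds after the first guard, a second check after the zero-width test closes this gap with no risk of `u4` overflow in the subtraction. The commit message already concedes the check is not watertight; this is the remaining case inside this loop. The enclosing function's header is outside the hunk.
```cpp
    if (insnWidth == 0) {
      // … unchanged: zero-width warning and break …
    }
    if (insnWidth > maxPc - dexPc) {
      LOG(WARNING) << "GLITCH: truncated instruction at idx=0x" << std::hex << dexPc;
      break;
    }
    dumpInstruction(pDexFile, pCode, codeOffset, dexPc, insnWidth, instruction);
```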