commit 69c0680b3804d58cd9d6ce84c59789735e238873
author Alex Buynytskyy <alexbuy@google.com> Mon Apr 19 14:42:17 2021 -0700
committer Alex Buynytskyy <alexbuy@google.com> Mon Apr 19 23:10:06 2021 +0000
tree 3ca3beb997037cffce3a87724589ca94ce78de26
parent 7e3f8119d7bb8946b95f099c5b9bc3b5dc4dd495

Check sizes before trying to allocate memory.

Bug: 152148243
Test: adb install --incremental <apk from the bug>
Change-Id: Ib4b5986cb808669df54c2eee67727059e0c6d8e4

client/incremental.cpp

diff --git a/client/incremental.cpp b/client/incremental.cpp
index 60735f8..de93cb7 100644
--- a/client/incremental.cpp
+++ b/client/incremental.cpp
@@ -58,10 +58,16 @@
     auto [signature, tree_size] = read_id_sig_headers(fd);
 
     std::vector<char> invalid_signature;
+    if (signature.empty()) {
+        if (!silent) {
+            fprintf(stderr, "Invalid signature format. Abort.\n");
+        }
+        return {std::move(fd), std::move(invalid_signature)};
+    }
     if (signature.size() > kMaxSignatureSize) {
         if (!silent) {
-            fprintf(stderr, "Signature is too long. Max allowed is %d. Abort.\n",
-                    kMaxSignatureSize);
+            fprintf(stderr, "Signature is too long: %lld. Max allowed is %d. Abort.\n",
+                    (long long)signature.size(), kMaxSignatureSize);
         }
         return {std::move(fd), std::move(invalid_signature)};
     }