Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge change 27129 into eclair

Browse Source 
* changes:
  Bounds check read and write path in native code.
This commit is contained in:
Android (Google) Code Review
2009-09-27 15:41:51 -04:00
parent e03848eb93 57a2292bff
commit 65dea14caf
1 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
core/jni/android_bluetooth_BluetoothSocket.cpp
View File

@@ -402,7 +402,6 @@ static jint availableNative(JNIEnv *env, jobject obj) {
return -1;
}
/** jb must not be null. offset and offset+length must be within array */
static jint readNative(JNIEnv *env, jobject obj, jbyteArray jb, jint offset,
jint length) {
#ifdef HAVE_BLUETOOTH
@@ -410,10 +409,20 @@ static jint readNative(JNIEnv *env, jobject obj, jbyteArray jb, jint offset,
int ret;
jbyte *b;
int sz;
struct asocket *s = get_socketData(env, obj);
if (!s)
return -1;
if (jb == NULL) {
jniThrowIOException(env, EINVAL);
return -1;
}
sz = env->GetArrayLength(jb);
if (offset < 0 || length < 0 || offset + length > sz) {
jniThrowIOException(env, EINVAL);
return -1;
}
b = env->GetByteArrayElements(jb, NULL);
if (b == NULL) {
@@ -436,7 +445,6 @@ static jint readNative(JNIEnv *env, jobject obj, jbyteArray jb, jint offset,
return -1;
}
/** jb must not be null. offset and offset+length must be within array */
static jint writeNative(JNIEnv *env, jobject obj, jbyteArray jb, jint offset,
jint length) {
#ifdef HAVE_BLUETOOTH
@@ -444,10 +452,20 @@ static jint writeNative(JNIEnv *env, jobject obj, jbyteArray jb, jint offset,
int ret;
jbyte *b;
int sz;
struct asocket *s = get_socketData(env, obj);
if (!s)
return -1;
if (jb == NULL) {
jniThrowIOException(env, EINVAL);
return -1;
}
sz = env->GetArrayLength(jb);
if (offset < 0 || length < 0 || offset + length > sz) {
jniThrowIOException(env, EINVAL);
return -1;
}
b = env->GetByteArrayElements(jb, NULL);
if (b == NULL) {