From 8cb610e2623bc791249170b5cf0989b06d385bbb Mon Sep 17 00:00:00 2001
From: Ryo Hashimoto <hashimoto@google.com>
Date: Wed, 14 Mar 2018 19:13:56 +0900
Subject: [PATCH] Fix buffer size check in replyRead

We should not reject it when size==array.size().
Replace CHECK with CHECK_GE/LE for better logging.

Bug: 38360920
Test: atest StorageManagerTest#testOpenProxyFileDescriptor_largeRead

Change-Id: I5eae40f22aaaea50299260d5b25c454bf794d780
---
 core/jni/com_android_internal_os_FuseAppLoop.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/jni/com_android_internal_os_FuseAppLoop.cpp b/core/jni/com_android_internal_os_FuseAppLoop.cpp
index 8837df5b2da7b..fdc088eee6b38 100644
--- a/core/jni/com_android_internal_os_FuseAppLoop.cpp
+++ b/core/jni/com_android_internal_os_FuseAppLoop.cpp
@@ -166,8 +166,8 @@ void com_android_internal_os_FuseAppLoop_replyWrite(
 void com_android_internal_os_FuseAppLoop_replyRead(
         JNIEnv* env, jobject self, jlong ptr, jlong unique, jint size, jbyteArray data) {
     ScopedByteArrayRO array(env, data);
-    CHECK(size >= 0);
-    CHECK(static_cast<size_t>(size) < array.size());
+    CHECK_GE(size, 0);
+    CHECK_LE(static_cast<size_t>(size), array.size());
     if (!reinterpret_cast<fuse::FuseAppLoop*>(ptr)->ReplyRead(unique, size, array.get())) {
         reinterpret_cast<fuse::FuseAppLoop*>(ptr)->Break();
     }