Prevent undefined behavior in magiskboot

topjohnwu 2021-05-10 18:38:30 -07:00
parent 6099f3b015
commit 7df23ceb74
7 changed files with 31 additions and 45 deletions


@ -1,12 +1,7 @@
#include <sys/mman.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <libfdt.h>
#include <functional> #include <functional>
#include <memory> #include <memory>
#include <libfdt.h>
#include <mincrypt/sha.h> #include <mincrypt/sha.h>
#include <mincrypt/sha256.h> #include <mincrypt/sha256.h>
#include <utils.hpp> #include <utils.hpp>


@ -1,8 +1,3 @@
#include <unistd.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <memory> #include <memory>
#include <functional> #include <functional>
@ -56,7 +51,8 @@ protected:
ENCODE ENCODE
} mode; } mode;
gz_strm(mode_t mode, stream_ptr &&base) : cpr_stream(std::move(base)), mode(mode) { gz_strm(mode_t mode, stream_ptr &&base) :
cpr_stream(std::move(base)), mode(mode), strm{}, outbuf{0} {
switch(mode) { switch(mode) {
case DECODE: case DECODE:
inflateInit2(&strm, 15 | 16); inflateInit2(&strm, 15 | 16);
@ -131,7 +127,8 @@ protected:
ENCODE ENCODE
} mode; } mode;
bz_strm(mode_t mode, stream_ptr &&base) : cpr_stream(std::move(base)), mode(mode) { bz_strm(mode_t mode, stream_ptr &&base) :
cpr_stream(std::move(base)), mode(mode), strm{}, outbuf{0} {
switch(mode) { switch(mode) {
case DECODE: case DECODE:
BZ2_bzDecompressInit(&strm, 0, 0); BZ2_bzDecompressInit(&strm, 0, 0);
@ -200,8 +197,8 @@ protected:
ENCODE_LZMA ENCODE_LZMA
} mode; } mode;
lzma_strm(mode_t mode, stream_ptr &&base) lzma_strm(mode_t mode, stream_ptr &&base) :
: cpr_stream(std::move(base)), mode(mode), strm(LZMA_STREAM_INIT) { cpr_stream(std::move(base)), mode(mode), strm(LZMA_STREAM_INIT), outbuf{0} {
lzma_options_lzma opt; lzma_options_lzma opt;
// Initialize preset // Initialize preset
@ -211,18 +208,21 @@ protected:
{ .id = LZMA_VLI_UNKNOWN, .options = nullptr }, { .id = LZMA_VLI_UNKNOWN, .options = nullptr },
}; };
lzma_ret ret; lzma_ret code;
switch(mode) { switch(mode) {
case DECODE: case DECODE:
ret = lzma_auto_decoder(&strm, UINT64_MAX, 0); code = lzma_auto_decoder(&strm, UINT64_MAX, 0);
break; break;
case ENCODE_XZ: case ENCODE_XZ:
ret = lzma_stream_encoder(&strm, filters, LZMA_CHECK_CRC32); code = lzma_stream_encoder(&strm, filters, LZMA_CHECK_CRC32);
break; break;
case ENCODE_LZMA: case ENCODE_LZMA:
ret = lzma_alone_encoder(&strm, &opt); code = lzma_alone_encoder(&strm, &opt);
break; break;
} }
if (code != LZMA_OK) {
LOGE("LZMA initialization failed (%d)\n", code);
}
} }
private: private:
@ -264,7 +264,8 @@ public:
class LZ4F_decoder : public cpr_stream { class LZ4F_decoder : public cpr_stream {
public: public:
explicit LZ4F_decoder(stream_ptr &&base) : cpr_stream(std::move(base)), outbuf(nullptr) { explicit LZ4F_decoder(stream_ptr &&base) :
cpr_stream(std::move(base)), ctx(nullptr), outbuf(nullptr), outCapacity(0) {
LZ4F_createDecompressionContext(&ctx, LZ4F_VERSION); LZ4F_createDecompressionContext(&ctx, LZ4F_VERSION);
} }
@ -319,8 +320,8 @@ private:
class LZ4F_encoder : public cpr_stream { class LZ4F_encoder : public cpr_stream {
public: public:
explicit LZ4F_encoder(stream_ptr &&base) explicit LZ4F_encoder(stream_ptr &&base) :
: cpr_stream(std::move(base)), outbuf(nullptr), outCapacity(0) { cpr_stream(std::move(base)), ctx(nullptr), outbuf(nullptr), outCapacity(0) {
LZ4F_createCompressionContext(&ctx, LZ4F_VERSION); LZ4F_createCompressionContext(&ctx, LZ4F_VERSION);
} }
@ -362,14 +363,14 @@ private:
int write_header() { int write_header() {
LZ4F_preferences_t prefs { LZ4F_preferences_t prefs {
.autoFlush = 1,
.compressionLevel = 9,
.frameInfo = { .frameInfo = {
.blockMode = LZ4F_blockIndependent,
.blockSizeID = LZ4F_max4MB, .blockSizeID = LZ4F_max4MB,
.blockMode = LZ4F_blockIndependent,
.contentChecksumFlag = LZ4F_contentChecksumEnabled,
.blockChecksumFlag = LZ4F_noBlockChecksum, .blockChecksumFlag = LZ4F_noBlockChecksum,
.contentChecksumFlag = LZ4F_contentChecksumEnabled },
} .compressionLevel = 9,
.autoFlush = 1,
}; };
outCapacity = LZ4F_compressBound(BLOCK_SZ, &prefs); outCapacity = LZ4F_compressBound(BLOCK_SZ, &prefs);
outbuf = new uint8_t[outCapacity]; outbuf = new uint8_t[outCapacity];
@ -380,9 +381,9 @@ private:
class LZ4_decoder : public cpr_stream { class LZ4_decoder : public cpr_stream {
public: public:
explicit LZ4_decoder(stream_ptr &&base) explicit LZ4_decoder(stream_ptr &&base) :
: cpr_stream(std::move(base)), out_buf(new char[LZ4_UNCOMPRESSED]), cpr_stream(std::move(base)), out_buf(new char[LZ4_UNCOMPRESSED]),
buf(new char[LZ4_COMPRESSED]), init(false), block_sz(0), buf_off(0) {} buf(new char[LZ4_COMPRESSED]), init(false), block_sz(0), buf_off(0) {}
~LZ4_decoder() override { ~LZ4_decoder() override {
delete[] out_buf; delete[] out_buf;
@ -447,9 +448,9 @@ private:
class LZ4_encoder : public cpr_stream { class LZ4_encoder : public cpr_stream {
public: public:
explicit LZ4_encoder(stream_ptr &&base, bool lg) explicit LZ4_encoder(stream_ptr &&base, bool lg) :
: cpr_stream(std::move(base)), outbuf(new char[LZ4_COMPRESSED]), cpr_stream(std::move(base)), outbuf(new char[LZ4_COMPRESSED]),
buf(new char[LZ4_UNCOMPRESSED]), init(false), lg(lg), buf_off(0), in_total(0) {} buf(new char[LZ4_UNCOMPRESSED]), init(false), lg(lg), buf_off(0), in_total(0) {}
int write(const void *in, size_t size) override { int write(const void *in, size_t size) override {
int ret = 0; int ret = 0;
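Review bot: In the lzma_strm constructor, `code` is declared without an initializer and `switch(mode)` has no default, so a mode value outside the three cases reaches `if (code != LZMA_OK)` with an indeterminate value, which is the kind of undefined behaviour this commit sets out to remove; `lzma_ret code = LZMA_PROG_ERROR;` would close that. The new check also only logs: the constructor returns normally and, as far as the hunk shows, nothing stops later calls from running on a stream that failed to initialise, so an error flag that write() can test is worth adding. The same applies to the unchecked return values of `inflateInit2`, `BZ2_bzDecompressInit`, `LZ4F_createDecompressionContext` and `LZ4F_createCompressionContext` in the neighbouring hunks, where `ctx` now stays `nullptr` on failure. The classes continue outside these hunks, so how the rest of each stream treats a failed init cannot be judged from here.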


@ -1,5 +1,3 @@
#include <unistd.h>
#include <sys/mman.h>
#include <bitset> #include <bitset>
#include <vector> #include <vector>
#include <map> #include <map>


@ -34,7 +34,7 @@ int hexpatch(const char *image, const char *from, const char *to) {
curr = static_cast<uint8_t*>(memmem(curr, end - curr, pattern.data(), pattern.size())); curr = static_cast<uint8_t*>(memmem(curr, end - curr, pattern.data(), pattern.size()));
if (curr == nullptr) if (curr == nullptr)
return patched; return patched;
fprintf(stderr, "Patch @ %08X [%s] -> [%s]\n", curr - buf, from, to); fprintf(stderr, "Patch @ %08X [%s] -> [%s]\n", (unsigned)(curr - buf), from, to);
memset(curr, 0, pattern.size()); memset(curr, 0, pattern.size());
memcpy(curr, patch.data(), patch.size()); memcpy(curr, patch.data(), patch.size());
patched = 0; patched = 0;
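Review bot: The `memcpy(curr, patch.data(), patch.size())` after the changed fprintf line is bounded by the length of `to`, not by the matched length or by the bytes left before `end`, and no size check is visible in this hunk, so a replacement longer than the pattern that matches near the end of the image would write past `end`. hexpatch starts above the hunk, so a check may already exist there; if it does not, a guard such as `if (patch.size() > static_cast<size_t>(end - curr)) return patched;` before the memset would cover it. On the changed line itself, `(unsigned)(curr - buf)` truncates offsets above 4 GiB; `%08zX` with `static_cast<size_t>(curr - buf)` prints the full value.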


@ -1,9 +1,3 @@
#include <cstdlib>
#include <cstdio>
#include <cstring>
#include <unistd.h>
#include <sys/mman.h>
#include <mincrypt/sha.h> #include <mincrypt/sha.h>
#include <utils.hpp> #include <utils.hpp>


@ -1,5 +1,3 @@
#include <malloc.h>
#include <utils.hpp> #include <utils.hpp>
#include "magiskboot.hpp" #include "magiskboot.hpp"


@ -31,7 +31,7 @@ public:
bool check_env(const char *name) { bool check_env(const char *name) {
const char *val = getenv(name); const char *val = getenv(name);
return val ? val == "true"sv : false; return val != nullptr && val == "true"sv;
} }
void magisk_cpio::patch() { void magisk_cpio::patch() {