auto import from //branches/cupcake_rel/...@138607

commit: e037fd7e193ecccbb5c0888e49f6d58c224bc11d [log] [tgz]
author: The Android Open Source Project <initial-contribution@android.com> Fri Mar 13 13:04:37 2009 -0700
committer: The Android Open Source Project <initial-contribution@android.com> Fri Mar 13 13:04:37 2009 -0700
tree: 3936f402311799c99169f8e1d6bf168a2d48f1a9
parent: 2015549667fb77706a9879e974a3875ebccd8198 [diff] [blame]
diff --git a/libcutils/strdup8to16.c b/libcutils/strdup8to16.c
index 8654b04..63e5ca4 100644
--- a/libcutils/strdup8to16.c
+++ b/libcutils/strdup8to16.c

@@ -18,6 +18,7 @@
 #include <cutils/jstring.h>
 #include <assert.h>
 #include <stdlib.h>
+#include <limits.h>
 
 /* See http://www.unicode.org/reports/tr22/ for discussion
  * on invalid sequences
@@ -48,6 +49,10 @@
 
     len = strlen8to16(s);
 
+    // fail on overflow
+    if (len && SIZE_MAX/len < sizeof(char16_t))
+        return NULL;
+
     // no plus-one here. UTF-16 strings are not null terminated
     ret = (char16_t *) malloc (sizeof(char16_t) * len);
commit	e037fd7e193ecccbb5c0888e49f6d58c224bc11d	[log] [tgz]
author	The Android Open Source Project <initial-contribution@android.com>	Fri Mar 13 13:04:37 2009 -0700
committer	The Android Open Source Project <initial-contribution@android.com>	Fri Mar 13 13:04:37 2009 -0700
tree	3936f402311799c99169f8e1d6bf168a2d48f1a9
parent	2015549667fb77706a9879e974a3875ebccd8198 [diff] [blame]