Add buffer wrap checks and disable throwing of std::bad_alloc.

Android is built with exceptions disabled, but "operator new" and
"operator new[]" still throw std::bad_alloc on failure rather than
returning null. In general this is a good thing, because it will cause
an immediate crash of the process rather than assigning a null pointer
which is probably not checked. But most memory allocations in Keymaster
are checked, because it's written to run in an environment where new
does *not* throw. This CL updates the code to explicitly use the
non-throwing new.

A handful of throwing news remain, but only in places where a crash on
failure is appropriate.

In addition, this CL also inserts buffer wrap checks in key locations
and changes the development-machine Makefile to build in 32-bit mode, to
make memory problems more apparent.

Bug: 21888473
Change-Id: I8ebc5ec12053e4f5274f6f57ce312abc10611cef
diff --git a/symmetric_key.cpp b/symmetric_key.cpp
index 016b40e..3d8424c 100644
--- a/symmetric_key.cpp
+++ b/symmetric_key.cpp
@@ -123,7 +123,7 @@
keymaster_error_t SymmetricKey::key_material(UniquePtr<uint8_t[]>* key_material,
size_t* size) const {
*size = key_data_size_;
- key_material->reset(new uint8_t[*size]);
+ key_material->reset(new (std::nothrow) uint8_t[*size]);
if (!key_material->get())
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
memcpy(key_material->get(), key_data_.get(), *size);
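Review bot: `std::nothrow` is declared in `<new>`, and this hunk does not show whether symmetric_key.cpp includes that header or only picks it up transitively through `<memory>`; add an explicit `#include <new>` so the build does not depend on an indirect include. Note also that the `if (!key_material->get())` check on the following line was dead code with the throwing form and only becomes effective with `new (std::nothrow)`; a short comment at the check saying it relies on the non-throwing allocation would stop a later cleanup from reverting to plain `new` and silently disabling the KM_ERROR_MEMORY_ALLOCATION_FAILED path.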