ART: Improve overflow detection in dex file verifier Overflows were hidden by the design of the checks. Push all range checks as lists, so we can explicitly check against the count. Bug: 16017886 Change-Id: I0083f83006ef1e55518b0919dff319004b66dcb8

commit: 50d1bc198b2e347d60df74c3b0c452e1f929dd2f [log] [tgz]
author: Andreas Gampe <agampe@google.com> Thu Jul 17 21:49:24 2014 -0700
committer: Andreas Gampe <agampe@google.com> Thu Jul 17 21:49:24 2014 -0700
tree: 8bbfef9f93f4f42a7dcb1e4282c2f078e9b557c7
parent: 031ddea20cb311dfdb3bd16a13750f9cb426b299 [diff] [blame]
diff --git a/runtime/dex_file_verifier.h b/runtime/dex_file_verifier.h
index f845993..cae1063 100644
--- a/runtime/dex_file_verifier.h
+++ b/runtime/dex_file_verifier.h

@@ -40,8 +40,7 @@
   bool Verify();
 
   bool CheckShortyDescriptorMatch(char shorty_char, const char* descriptor, bool is_return_type);
-  bool CheckPointerRange(const void* start, const void* end, const char* label);
-  bool CheckListSize(const void* start, uint32_t count, uint32_t element_size, const char* label);
+  bool CheckListSize(const void* start, size_t count, size_t element_size, const char* label);
   bool CheckIndex(uint32_t field, uint32_t limit, const char* label);
 
   bool CheckHeader();
commit	50d1bc198b2e347d60df74c3b0c452e1f929dd2f	[log] [tgz]
author	Andreas Gampe <agampe@google.com>	Thu Jul 17 21:49:24 2014 -0700
committer	Andreas Gampe <agampe@google.com>	Thu Jul 17 21:49:24 2014 -0700
tree	8bbfef9f93f4f42a7dcb1e4282c2f078e9b557c7
parent	031ddea20cb311dfdb3bd16a13750f9cb426b299 [diff] [blame]