commit d985b4d0306853a0b0be5652f3dd18e30d0234f2
author Christian Wailes <chriswailes@google.com> Thu Apr 25 22:35:10 2019 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Thu Apr 25 22:35:10 2019 +0000
tree e74cf2e184dc5f48e6aeb240890f7641769dbc97
parent aba1846fa7d8ef815087d4bbf90771c843ccf512
parent aee02f6ffe859852afec3d02287647c658a40967

Merge "Adds additional sanitization for Zygote command arguments." into qt-dev

core/java/android/os/ZygoteProcess.java

diff --git a/core/java/android/os/ZygoteProcess.java b/core/java/android/os/ZygoteProcess.java
index db7c229..6478de2 100644
--- a/core/java/android/os/ZygoteProcess.java
+++ b/core/java/android/os/ZygoteProcess.java
@@ -385,13 +385,17 @@
      */
     @GuardedBy("mLock")
     private Process.ProcessStartResult zygoteSendArgsAndGetResult(
-            ZygoteState zygoteState, boolean useUsapPool, ArrayList<String> args)
+            ZygoteState zygoteState, boolean useUsapPool, @NonNull ArrayList<String> args)
             throws ZygoteStartFailedEx {
         // Throw early if any of the arguments are malformed. This means we can
         // avoid writing a partial response to the zygote.
         for (String arg : args) {
+            // Making two indexOf calls here is faster than running a manually fused loop due
+            // to the fact that indexOf is a optimized intrinsic.
             if (arg.indexOf('\n') >= 0) {
-                throw new ZygoteStartFailedEx("embedded newlines not allowed");
+                throw new ZygoteStartFailedEx("Embedded newlines not allowed");
+            } else if (arg.indexOf('\r') >= 0) {
+                throw new ZygoteStartFailedEx("Embedded carriage returns not allowed");
             }
         }