Merge "Adds additional sanitization for Zygote command arguments." into qt-dev
diff --git a/core/java/android/os/ZygoteProcess.java b/core/java/android/os/ZygoteProcess.java
index db7c229..6478de2 100644
--- a/core/java/android/os/ZygoteProcess.java
+++ b/core/java/android/os/ZygoteProcess.java
@@ -385,13 +385,17 @@
*/
@GuardedBy("mLock")
private Process.ProcessStartResult zygoteSendArgsAndGetResult(
- ZygoteState zygoteState, boolean useUsapPool, ArrayList<String> args)
+ ZygoteState zygoteState, boolean useUsapPool, @NonNull ArrayList<String> args)
throws ZygoteStartFailedEx {
// Throw early if any of the arguments are malformed. This means we can
// avoid writing a partial response to the zygote.
for (String arg : args) {
+ // Making two indexOf calls here is faster than running a manually fused loop due
+ // to the fact that indexOf is a optimized intrinsic.
if (arg.indexOf('\n') >= 0) {
- throw new ZygoteStartFailedEx("embedded newlines not allowed");
+ throw new ZygoteStartFailedEx("Embedded newlines not allowed");
+ } else if (arg.indexOf('\r') >= 0) {
+ throw new ZygoteStartFailedEx("Embedded carriage returns not allowed");
}
}