commit b088500c47b383762c20336a5d6d4a4172ddcb4b
author Hridya Valsaraju <hridya@google.com> Mon Apr 03 13:54:11 2017 -0700
committer Hridya Valsaraju <hridya@google.com> Mon Apr 03 17:06:16 2017 -0700
tree 735819dd967b42b90648d9f7884fea8428d45244
parent 496051047ce92b23c1027fe77242f386fae940c4

Check if alignment to word boundary would cause an overflow

Bug: 36860231
Test: FMQ unit tests
Change-Id: Ie69bc1baebb10526e831ff7688b670dee4a062bb
Merged-In: Ie69bc1baebb10526e831ff7688b670dee4a062bb

base/include/hidl/MQDescriptor.h

diff --git a/base/include/hidl/MQDescriptor.h b/base/include/hidl/MQDescriptor.h
index bf2f8a4..3ed3685 100644
--- a/base/include/hidl/MQDescriptor.h
+++ b/base/include/hidl/MQDescriptor.h
@@ -120,6 +120,14 @@
         if (kAlignmentSize % __WORDSIZE != 0) {
             details::logAlwaysFatal("Incompatible word size");
         }
+
+        /*
+         * Check if alignment to word boundary would cause an overflow.
+         */
+        if (length > SIZE_MAX - kAlignmentSize/8 + 1) {
+            details::logAlwaysFatal("Queue size too large");
+        }
+
         return (length + kAlignmentSize/8 - 1) & ~(kAlignmentSize/8 - 1U);
     }