From b584b9c7e081d803b32f0ff5f059573dfa6c0a0e Mon Sep 17 00:00:00 2001 From: bgkim Date: Wed, 28 Aug 2024 12:38:34 -0700 Subject: [PATCH] bootctrl: fixed OOB read in BootControl Fixed OOB read in BootControl::isSlotMarkedSuccessful() by checking if "in_slot" is negative Flag: EXEMPT bugfix Test: tested on Husky device Bug: 353516777 Change-Id: I634c32a8c12403008fe5a724bc447f82931ae9c5 Signed-off-by: bgkim --- bootctrl/aidl/BootControl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootctrl/aidl/BootControl.cpp b/bootctrl/aidl/BootControl.cpp index 83deb72..8655929 100644 --- a/bootctrl/aidl/BootControl.cpp +++ b/bootctrl/aidl/BootControl.cpp @@ -384,7 +384,7 @@ ScopedAStatus BootControl::isSlotMarkedSuccessful(int32_t in_slot, bool* _aidl_r *_aidl_return = true; return ScopedAStatus::ok(); } - if (in_slot >= slots) + if (in_slot < 0 || in_slot >= slots) return ScopedAStatus::fromServiceSpecificErrorWithMessage( INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());