1 /*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <androidfw/TypeWrappers.h>
18
19 #include <algorithm>
20
21 namespace android {
22
TypeVariant(const ResTable_type * data)23 TypeVariant::TypeVariant(const ResTable_type* data) : data(data), mLength(dtohl(data->entryCount)) {
24 if (data->flags & ResTable_type::FLAG_SPARSE) {
25 const uint32_t entryCount = dtohl(data->entryCount);
26 const uintptr_t containerEnd = reinterpret_cast<uintptr_t>(data) + dtohl(data->header.size);
27 const uint32_t* const entryIndices = reinterpret_cast<const uint32_t*>(
28 reinterpret_cast<uintptr_t>(data) + dtohs(data->header.headerSize));
29 if (reinterpret_cast<uintptr_t>(entryIndices) + (sizeof(uint32_t) * entryCount)
30 > containerEnd) {
31 ALOGE("Type's entry indices extend beyond its boundaries");
32 mLength = 0;
33 } else {
34 mLength = ResTable_sparseTypeEntry{entryIndices[entryCount - 1]}.idx + 1;
35 }
36 }
37 }
38
operator ++()39 TypeVariant::iterator& TypeVariant::iterator::operator++() {
40 mIndex++;
41 if (mIndex > mTypeVariant->mLength) {
42 mIndex = mTypeVariant->mLength;
43 }
44 return *this;
45 }
46
keyCompare(uint32_t entry,uint16_t index)47 static bool keyCompare(uint32_t entry, uint16_t index) {
48 return dtohs(ResTable_sparseTypeEntry{entry}.idx) < index;
49 }
50
operator *() const51 const ResTable_entry* TypeVariant::iterator::operator*() const {
52 const ResTable_type* type = mTypeVariant->data;
53 if (mIndex >= mTypeVariant->mLength) {
54 return NULL;
55 }
56
57 const uint32_t entryCount = dtohl(mTypeVariant->data->entryCount);
58 const uintptr_t containerEnd = reinterpret_cast<uintptr_t>(type)
59 + dtohl(type->header.size);
60 const uint32_t* const entryIndices = reinterpret_cast<const uint32_t*>(
61 reinterpret_cast<uintptr_t>(type) + dtohs(type->header.headerSize));
62 const size_t indexSize = type->flags & ResTable_type::FLAG_OFFSET16 ?
63 sizeof(uint16_t) : sizeof(uint32_t);
64 if (reinterpret_cast<uintptr_t>(entryIndices) + (indexSize * entryCount) > containerEnd) {
65 ALOGE("Type's entry indices extend beyond its boundaries");
66 return NULL;
67 }
68
69 uint32_t entryOffset;
70 if (type->flags & ResTable_type::FLAG_SPARSE) {
71 auto iter = std::lower_bound(entryIndices, entryIndices + entryCount, mIndex, keyCompare);
72 if (iter == entryIndices + entryCount
73 || dtohs(ResTable_sparseTypeEntry{*iter}.idx) != mIndex) {
74 return NULL;
75 }
76
77 entryOffset = static_cast<uint32_t>(dtohs(ResTable_sparseTypeEntry{*iter}.offset)) * 4u;
78 } else if (type->flags & ResTable_type::FLAG_OFFSET16) {
79 auto entryIndices16 = reinterpret_cast<const uint16_t*>(entryIndices);
80 entryOffset = offset_from16(entryIndices16[mIndex]);
81 } else {
82 entryOffset = dtohl(entryIndices[mIndex]);
83 }
84
85 if (entryOffset == ResTable_type::NO_ENTRY) {
86 return NULL;
87 }
88
89 if ((entryOffset & 0x3) != 0) {
90 ALOGE("Index %u points to entry with unaligned offset 0x%08x", mIndex, entryOffset);
91 return NULL;
92 }
93
94 const ResTable_entry* entry = reinterpret_cast<const ResTable_entry*>(
95 reinterpret_cast<uintptr_t>(type) + dtohl(type->entriesStart) + entryOffset);
96 if (reinterpret_cast<uintptr_t>(entry) > containerEnd - sizeof(*entry)) {
97 ALOGE("Entry offset at index %u points outside the Type's boundaries", mIndex);
98 return NULL;
99 } else if (reinterpret_cast<uintptr_t>(entry) + entry->size() > containerEnd) {
100 ALOGE("Entry at index %u extends beyond Type's boundaries", mIndex);
101 return NULL;
102 } else if (entry->size() < sizeof(*entry)) {
103 ALOGE("Entry at index %u is too small (%zu)", mIndex, entry->size());
104 return NULL;
105 }
106 return entry;
107 }
108
109 } // namespace android
110