mirror of
				https://github.com/topjohnwu/Magisk.git
				synced 2025-10-25 12:48:36 +00:00 
			
		
		
		
	Fix integer overflow and workaround seccomp
- Use ftruncate64 instead of ftruncate to work around seccomp
- Cast uint32_t to off64_t before making it negative

Note: Using ftruncate with a modern NDK libc should actually be fine, as the syscall wrapper in bionic will use ftruncate64 internally. However, since we are using the libc.a from r10e built for Gingerbread, seccomp wasn't a thing back then, and the ftruncate64 symbol is also missing; we have to create our own wrapper and call it instead on 32-bit ABIs.

Props to @jnotuo for discovering the overflow bug and seccomp issue

Fix #3703, close #4915
		| @@ -554,7 +554,7 @@ void repack(const char *src_img, const char *out_img, bool skip_comp) { | ||||
|         if (boot.flags[ZIMAGE_KERNEL] && | ||||
|             boot.k_fmt == GZIP && hdr->kernel_size() > boot.hdr->kernel_size()) { | ||||
|             // Revert and try zipfoli | ||||
|             ftruncate(fd, lseek(fd, -hdr->kernel_size(), SEEK_CUR)); | ||||
|             ftruncate64(fd, lseek64(fd, -(off64_t)hdr->kernel_size(), SEEK_CUR)); | ||||
|             hdr->kernel_size() = compress(ZOPFLI, fd, raw_buf, raw_size); | ||||
|         } | ||||
|  | ||||
| @@ -563,7 +563,7 @@ void repack(const char *src_img, const char *out_img, bool skip_comp) { | ||||
|     if (boot.flags[ZIMAGE_KERNEL]) { | ||||
|         if (hdr->kernel_size() > boot.hdr->kernel_size()) { | ||||
|             LOGW("Recompressed kernel is too large, using original kernel\n"); | ||||
|             ftruncate(fd, lseek(fd, -hdr->kernel_size(), SEEK_CUR)); | ||||
|             ftruncate64(fd, lseek64(fd, -(off64_t)hdr->kernel_size(), SEEK_CUR)); | ||||
|             hdr->kernel_size() = xwrite(fd, boot.z_info.tail - boot.hdr->kernel_size(), boot.hdr->kernel_size()); | ||||
|         } else { | ||||
|             write_zero(fd, boot.hdr->kernel_size() - hdr->kernel_size() - 4); | ||||
|   | ||||
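Review bot: The results of `lseek64` and `ftruncate64` are still ignored at both revert sites (the Zopfli retry in the first hunk and the "using original kernel" fallback in the second), so a failed seek would pass -1 to `ftruncate64`, the truncate would fail silently, and the following `compress`/`xwrite` would append after the oversized kernel while `hdr->kernel_size()` is set as if the revert had happened. For a tool that writes boot images this is worth failing loudly: `off64_t off = lseek64(fd, -(off64_t)hdr->kernel_size(), SEEK_CUR);` followed by `if (off < 0 || ftruncate64(fd, off) != 0)` and an abort of the repack. Since the same expression now appears twice, a small helper that rewinds and truncates by a given size would keep the widening cast and the checks in one place. `repack` starts and ends outside these hunks, so how the function reports errors is not visible here.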
	 topjohnwu
					topjohnwu