1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "format/binary/ResChunkPullParser.h"
18 
19 #include <inttypes.h>
20 
21 #include <cstddef>
22 
23 #include "android-base/logging.h"
24 #include "android-base/stringprintf.h"
25 #include "androidfw/ResourceTypes.h"
26 #include "androidfw/Util.h"
27 #include "util/Util.h"
28 
29 namespace aapt {
30 
31 using android::ResChunk_header;
32 using android::base::StringPrintf;
33 
ChunkHeaderDump(const ResChunk_header * header)34 static std::string ChunkHeaderDump(const ResChunk_header* header) {
35   return StringPrintf("(type=%02" PRIx16 " header_size=%" PRIu16 " size=%" PRIu32 ")",
36                       android::util::DeviceToHost16(header->type),
37                       android::util::DeviceToHost16(header->headerSize),
38                       android::util::DeviceToHost32(header->size));
39 }
40 
Next()41 ResChunkPullParser::Event ResChunkPullParser::Next() {
42   if (!IsGoodEvent(event_)) {
43     return event_;
44   }
45 
46   if (event_ == Event::kStartDocument) {
47     current_chunk_ = data_;
48   } else {
49     current_chunk_ = (const ResChunk_header*)(((const char*)current_chunk_) +
50                                               android::util::DeviceToHost32(current_chunk_->size));
51   }
52 
53   const std::ptrdiff_t diff = (const char*)current_chunk_ - (const char*)data_;
54   CHECK(diff >= 0) << "diff is negative";
55   const size_t offset = static_cast<const size_t>(diff);
56 
57   if (offset == len_) {
58     current_chunk_ = nullptr;
59     return (event_ = Event::kEndDocument);
60   } else if (offset + sizeof(ResChunk_header) > len_) {
61     error_ = "chunk is past the end of the document";
62     current_chunk_ = nullptr;
63     return (event_ = Event::kBadDocument);
64   }
65 
66   if (android::util::DeviceToHost16(current_chunk_->headerSize) < sizeof(ResChunk_header)) {
67     error_ = "chunk has too small header";
68     current_chunk_ = nullptr;
69     return (event_ = Event::kBadDocument);
70   } else if (android::util::DeviceToHost32(current_chunk_->size) <
71              android::util::DeviceToHost16(current_chunk_->headerSize)) {
72     error_ = "chunk's total size is smaller than header " + ChunkHeaderDump(current_chunk_);
73     current_chunk_ = nullptr;
74     return (event_ = Event::kBadDocument);
75   } else if (offset + android::util::DeviceToHost32(current_chunk_->size) > len_) {
76     error_ = "chunk's data extends past the end of the document " + ChunkHeaderDump(current_chunk_);
77     current_chunk_ = nullptr;
78     return (event_ = Event::kBadDocument);
79   }
80   return (event_ = Event::kChunk);
81 }
82 
83 }  // namespace aapt
84