[statsd] Added LogEvent parsing data safety check
Bug: 328736147
Test: m statsd_fuzzer && adb sync data && adb shell /data/fuzz/arm64/statsd_fuzzer/statsd_fuzzer -runs=50000
Change-Id: Ibeaf114e897beb65faef2e4c08ed2a14c321a5a4
Ignore-AOSP-First: potential security issue
(cherry picked from commit 4acaaaf71ca9b68d4bb22113334f6c034e11dc57)
diff --git a/statsd/src/logd/LogEvent.cpp b/statsd/src/logd/LogEvent.cpp
index 94fe5cf..affb080 100644
--- a/statsd/src/logd/LogEvent.cpp
+++ b/statsd/src/logd/LogEvent.cpp
@@ -266,7 +266,7 @@
}
// Assumes that mValues is not empty
-bool LogEvent::checkPreviousValueType(Type expected) {
+bool LogEvent::checkPreviousValueType(Type expected) const {
return mValues[mValues.size() - 1].mValue.getType() == expected;
}
@@ -283,7 +283,7 @@
}
// Allowed types: INT, repeated INT
- if (numElements > mValues.size() || !checkPreviousValueType(INT) ||
+ if (mValues.empty() || numElements > mValues.size() || !checkPreviousValueType(INT) ||
annotationType != BOOL_TYPE) {
VLOG("Atom ID %d error while parseIsUidAnnotation()", mTagId);
mValid = false;
diff --git a/statsd/src/logd/LogEvent.h b/statsd/src/logd/LogEvent.h
index c34d34e..db2bc4e 100644
--- a/statsd/src/logd/LogEvent.h
+++ b/statsd/src/logd/LogEvent.h
@@ -296,7 +296,7 @@
void parseStateNestedAnnotation(uint8_t annotationType, std::optional<uint8_t> numElements);
void parseRestrictionCategoryAnnotation(uint8_t annotationType);
void parseFieldRestrictionAnnotation(uint8_t annotationType);
- bool checkPreviousValueType(Type expected);
+ bool checkPreviousValueType(Type expected) const;
bool getRestrictedMetricsFlag();
/**
