)]}'
{
  "commit": "7f7cabaaeec3748a1cf3e58c76c39685abf0d75a",
  "tree": "8c0d74c912d98b53dcfda489c980b46d96bc23ad",
  "parents": [
    "10b5d82d1ebf209d98e7d66b4c01c2e7e9bad498"
  ],
  "author": {
    "name": "Eran Messeri",
    "email": "eranm@google.com",
    "time": "Mon Jul 19 17:46:11 2021 +0100"
  },
  "committer": {
    "name": "Eran Messeri",
    "email": "eranm@google.com",
    "time": "Thu Nov 25 16:50:11 2021 +0000"
  },
  "message": "Add missing signedness check in Keymaster buffer\n\nAdd a check in the Serializable Buffer implementation of Keymaster for\nthe signedness of the input parameter to advance_read and advance_write.\nBoth methods take a distance of type int, and add it to the buffer\nposition regardless of whether it\u0027s positive or negative.\n\nThis leads to violation of buffer state invariants (specifically\nread_position_) and (ultimately) to reading from an invalid\nmemory region.\n\nIn this change:\n* advance_read is removed as it\u0027s not used.\n* advance_write is moved out of the header file.\n* Guards against negative distance values and wrapping are added.\n* A method for validating buffer state is added and used in reserve()\n\nIgnore-AOSP-First: Security fix\nBug: 173567719\nTest: Run libkeymaster_fuzz_buffer on clusterfuzz-testcase-minimized-libkeymaster_fuzz_buffer-5372592199434240\nMerged-In: I15330a2f23c3461e23daad450af33e3f92e6730c\nChange-Id: I15330a2f23c3461e23daad450af33e3f92e6730c\n(cherry picked from commit 48edbcdb981c980b27f4826563b4ca46754df885)\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "b1f1e31753876a6a5751e33692beb87e1b39a205",
      "old_mode": 33188,
      "old_path": "android_keymaster/serializable.cpp",
      "new_id": "fe0d742d81f82a75590a7a5937ca512368feea29",
      "new_mode": 33188,
      "new_path": "android_keymaster/serializable.cpp"
    },
    {
      "type": "modify",
      "old_id": "fdc97f1fbe983523656796aceaf9547688489b3f",
      "old_mode": 33188,
      "old_path": "include/keymaster/serializable.h",
      "new_id": "4532485a880cdf31d2c993cda711c6aec7b8041b",
      "new_mode": 33188,
      "new_path": "include/keymaster/serializable.h"
    },
    {
      "type": "modify",
      "old_id": "0b02b3f0cad25093e00b95dfdac58679d94fc091",
      "old_mode": 33188,
      "old_path": "tests/fuzzers/buffer_fuzz.cpp",
      "new_id": "e0928cd1a3571f3839c354e77ee86736c34ffdfb",
      "new_mode": 33188,
      "new_path": "tests/fuzzers/buffer_fuzz.cpp"
    }
  ]
}