in libresource/ResourceTypes.cpp [456:631]
status_t ResStringPool::setTo(const void* data, size_t size, bool copyData)
{
if (!data || !size) {
return (mError=BAD_TYPE);
}
uninit();
const bool notDeviceEndian = htods(0xf0) != 0xf0;
if (copyData || notDeviceEndian) {
mOwnedData = malloc(size);
if (mOwnedData == NULL) {
return (mError=NO_MEMORY);
}
memcpy(mOwnedData, data, size);
data = mOwnedData;
}
mHeader = (const ResStringPool_header*)data;
if (notDeviceEndian) {
ResStringPool_header* h = const_cast<ResStringPool_header*>(mHeader);
h->header.headerSize = dtohs(mHeader->header.headerSize);
h->header.type = dtohs(mHeader->header.type);
h->header.size = dtohl(mHeader->header.size);
h->stringCount = dtohl(mHeader->stringCount);
h->styleCount = dtohl(mHeader->styleCount);
h->flags = dtohl(mHeader->flags);
h->stringsStart = dtohl(mHeader->stringsStart);
h->stylesStart = dtohl(mHeader->stylesStart);
}
if (mHeader->header.headerSize > mHeader->header.size
|| mHeader->header.size > size) {
ALOGW("Bad string block: header size %d or total size %d is larger than data size %d\n",
(int)mHeader->header.headerSize, (int)mHeader->header.size, (int)size);
return (mError=BAD_TYPE);
}
mSize = mHeader->header.size;
mEntries = (const uint32_t*)
(((const uint8_t*)data)+mHeader->header.headerSize);
if (mHeader->stringCount > 0) {
if ((mHeader->stringCount*sizeof(uint32_t) < mHeader->stringCount) // uint32 overflow?
|| (mHeader->header.headerSize+(mHeader->stringCount*sizeof(uint32_t)))
> size) {
ALOGW("Bad string block: entry of %d items extends past data size %d\n",
(int)(mHeader->header.headerSize+(mHeader->stringCount*sizeof(uint32_t))),
(int)size);
return (mError=BAD_TYPE);
}
size_t charSize;
if (mHeader->flags&ResStringPool_header::UTF8_FLAG) {
charSize = sizeof(uint8_t);
} else {
charSize = sizeof(uint16_t);
}
// There should be at least space for the smallest string
// (2 bytes length, null terminator).
if (mHeader->stringsStart >= (mSize - sizeof(uint16_t))) {
ALOGW("Bad string block: string pool starts at %d, after total size %d\n",
(int)mHeader->stringsStart, (int)mHeader->header.size);
return (mError=BAD_TYPE);
}
mStrings = (const void*)
(((const uint8_t*)data) + mHeader->stringsStart);
if (mHeader->styleCount == 0) {
mStringPoolSize = (uint32_t) ((mSize - mHeader->stringsStart) / charSize);
} else {
// check invariant: styles starts before end of data
if (mHeader->stylesStart >= (mSize - sizeof(uint16_t))) {
ALOGW("Bad style block: style block starts at %d past data size of %d\n",
(int)mHeader->stylesStart, (int)mHeader->header.size);
return (mError=BAD_TYPE);
}
// check invariant: styles follow the strings
if (mHeader->stylesStart <= mHeader->stringsStart) {
ALOGW("Bad style block: style block starts at %d, before strings at %d\n",
(int)mHeader->stylesStart, (int)mHeader->stringsStart);
return (mError=BAD_TYPE);
}
mStringPoolSize =
(mHeader->stylesStart-mHeader->stringsStart)/charSize;
}
// check invariant: stringCount > 0 requires a string pool to exist
if (mStringPoolSize == 0) {
ALOGW("Bad string block: stringCount is %d but pool size is 0\n", (int)mHeader->stringCount);
return (mError=BAD_TYPE);
}
if (notDeviceEndian) {
size_t i;
uint32_t* e = const_cast<uint32_t*>(mEntries);
for (i=0; i<mHeader->stringCount; i++) {
e[i] = dtohl(mEntries[i]);
}
if (!(mHeader->flags&ResStringPool_header::UTF8_FLAG)) {
const uint16_t* strings = (const uint16_t*)mStrings;
uint16_t* s = const_cast<uint16_t*>(strings);
for (i=0; i<mStringPoolSize; i++) {
s[i] = dtohs(strings[i]);
}
}
}
if ((mHeader->flags & ResStringPool_header::UTF8_FLAG &&
((uint8_t*)mStrings)[mStringPoolSize - 1] != 0) ||
(!(mHeader->flags & ResStringPool_header::UTF8_FLAG) &&
((uint16_t*)mStrings)[mStringPoolSize - 1] != 0)) {
ALOGW("Bad string block: last string is not 0-terminated\n");
return (mError = BAD_TYPE);
}
} else {
mStrings = NULL;
mStringPoolSize = 0;
}
if (mHeader->styleCount > 0) {
mEntryStyles = mEntries + mHeader->stringCount;
// invariant: integer overflow in calculating mEntryStyles
if (mEntryStyles < mEntries) {
ALOGW("Bad string block: integer overflow finding styles\n");
return (mError=BAD_TYPE);
}
if (((const uint8_t*)mEntryStyles-(const uint8_t*)mHeader) > (int)size) {
ALOGW("Bad string block: entry of %d styles extends past data size %d\n",
(int)((const uint8_t*)mEntryStyles-(const uint8_t*)mHeader),
(int)size);
return (mError=BAD_TYPE);
}
mStyles = (const uint32_t*)
(((const uint8_t*)data)+mHeader->stylesStart);
if (mHeader->stylesStart >= mHeader->header.size) {
ALOGW("Bad string block: style pool starts %d, after total size %d\n",
(int)mHeader->stylesStart, (int)mHeader->header.size);
return (mError=BAD_TYPE);
}
mStylePoolSize =
(mHeader->header.size-mHeader->stylesStart)/sizeof(uint32_t);
if (notDeviceEndian) {
size_t i;
uint32_t* e = const_cast<uint32_t*>(mEntryStyles);
for (i=0; i<mHeader->styleCount; i++) {
e[i] = dtohl(mEntryStyles[i]);
}
uint32_t* s = const_cast<uint32_t*>(mStyles);
for (i=0; i<mStylePoolSize; i++) {
s[i] = dtohl(mStyles[i]);
}
}
const ResStringPool_span endSpan = {
{ htodl(ResStringPool_span::END) },
htodl(ResStringPool_span::END), htodl(ResStringPool_span::END)
};
if (memcmp(&mStyles[mStylePoolSize-(sizeof(endSpan)/sizeof(uint32_t))],
&endSpan, sizeof(endSpan)) != 0) {
ALOGW("Bad string block: last style is not 0xFFFFFFFF-terminated\n");
return (mError=BAD_TYPE);
}
} else {
mEntryStyles = NULL;
mStyles = NULL;
mStylePoolSize = 0;
}
return (mError=NO_ERROR);
}