Fixed
Comments
da...@google.com <da...@google.com>
jo...@onsalesit.com <jo...@onsalesit.com> #2
We have shared this with our product and engineering team and will update this issue with more information as it becomes available.
da...@google.com <da...@google.com> #3
Thanks again for the feedback! Our product and engineering teams have evaluated the request and responded:
Hello,
An MTE-specific strlen (and all string.h family of functions) is necessary and desirable to detect buffer-overflow bugs.
The example you mention, vector.push_back(toCppString(**).c_str()), is a great example of the type of
Some of those specific examples of use-after-free bugs are benign; however, they're still undefined behaviour. MTE catching them is the desired functionality.
Description
In Room 2.3.0-alpha04, built-in enum support was added via an enum-to-string type converter. If a user already has a type converter, Room should prioritize using user-defined converters, but there is a bug where, if a one-way out converter (from Cursor to Enum) is defined, Room might incorrectly use the built-in one, causing issues. This bug tracks that problem.
It was fixed by https://android-review.googlesource.com/c/platform/frameworks/support/+/1524200 , but didn't make it into the 2.3.0-alpha04 release; instead, it will be available in the next upcoming release.
As a workaround, one can define a method for the one-way write converter, which will effectively make a two-way converter for the Enum, which Room will correctly prioritize over the built-in one.