Android: Translate C++ "w" to ParcelFileDescriptor "wt"

Previously we were translating "w" to "w", which unlike in C++ doesn't truncate. See https://issuetracker.google.com/issues/180526528, and for reference, https://en.cppreference.com/w/cpp/io/c/fopen and https://en.cppreference.com/w/cpp/io/basic_filebuf/open. This issue was brought to my attention by the recently published issue CVE-2023-21036 in the screenshot editing tool on Pixel phones. I'm not aware of any code in Dolphin that actually uses "w" with an existing file on Android (when we ask the user for a location to save to using SAF, a new file is always created), but still, best to fix this.
2024-11-14 21:37:52 -07:00 · 2023-03-18 13:16:12 +01:00 · 2023-03-18 13:16:12 +01:00 · 8e363c0995
commit 8e363c0995
parent 6b545eaada
1 changed files with 37 additions and 24 deletions
--- a/Source/Android/jni/AndroidCommon/AndroidCommon.cpp
+++ b/Source/Android/jni/AndroidCommon/AndroidCommon.cpp
@ -12,6 +12,7 @@
 #include <jni.h>

 #include "Common/Assert.h"
+#include "Common/Logging/Log.h"
 #include "Common/StringUtil.h"
 #include "jni/AndroidCommon/IDCache.h"

@ -63,38 +64,50 @@ std::string OpenModeToAndroid(std::string mode)
  // The 'b' specifier is not supported by Android. Since we're on POSIX, it's fine to just skip it.
  mode.erase(std::remove(mode.begin(), mode.end(), 'b'));

-  if (mode == "r+")
-    mode = "rw";
-  else if (mode == "w+")
-    mode = "rwt";
-  else if (mode == "a+")
-    mode = "rwa";
+  if (mode == "r")
+    return "r";
+  else if (mode == "w")
+    return "wt";
  else if (mode == "a")
-    mode = "wa";
+    return "wa";
+  else if (mode == "r+")
+    return "rw";
+  else if (mode == "w+")
+    return "rwt";
+  else if (mode == "a+")
+    return "rwa";

-  return mode;
+  ERROR_LOG_FMT(COMMON, "OpenModeToAndroid(std::string): Unsupported open mode: {}", mode);
+  return "";
 }

 std::string OpenModeToAndroid(std::ios_base::openmode mode)
 {
-  std::string result;
-
-  if (mode & std::ios_base::in)
-    result += 'r';
-
-  if (mode & (std::ios_base::out | std::ios_base::app))
-    result += 'w';
-
-  if (mode & std::ios_base::app)
-    result += 'a';
-
-  constexpr std::ios_base::openmode t = std::ios_base::in | std::ios_base::trunc;
-  if ((mode & t) == t)
-    result += 't';
-
  // The 'b' specifier is not supported by Android. Since we're on POSIX, it's fine to just skip it.
+  mode &= ~std::ios_base::binary;

-  return result;
+  switch (mode)
+  {
+  case std::ios_base::in:
+    return "r";
+  case std::ios_base::out:
+  case std::ios_base::out | std::ios_base::trunc:
+    return "wt";
+  case std::ios_base::app:
+  case std::ios_base::out | std::ios_base::app:
+    return "wa";
+  case std::ios_base::in | std::ios_base::out:
+    return "rw";
+  case std::ios_base::in | std::ios_base::out | std::ios_base::trunc:
+    return "rwt";
+  case std::ios_base::in | std::ios_base::app:
+  case std::ios_base::in | std::ios_base::out | std::ios_base::app:
+    return "rwa";
+  default:
+    ERROR_LOG_FMT(COMMON,
+                  "OpenModeToAndroid(std::ios_base::openmode): Unsupported open mode: {:#x}", mode);
+    return "";
+  }
 }

 int OpenAndroidContent(std::string_view uri, std::string_view mode)