Binder: Fix some valgrind errors.

When using 64 bit binder pointers, only initializing the 32 bit handle, in a stack allocated struct, will pass uninitialized stack data to the kernel and other processes. Change-Id: I3432d9d36bb251d8ddb0a863661aeb80aabb3d92
2014-02-18 21:10:29 -08:00 · 2014-02-18 21:10:29 -08:00 · 07fd0f195d
parent 87b30d0447
commit 07fd0f195d
2 changed files with 4 additions and 0 deletions
--- a/libs/binder/IPCThreadState.cpp
+++ b/libs/binder/IPCThreadState.cpp
@ -904,6 +904,7 @@ status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags,
 {
    binder_transaction_data tr;

+    tr.target.ptr = 0; /* Don't pass uninitialized stack data to a remote process */
    tr.target.handle = handle;
    tr.code = code;
    tr.flags = binderFlags;
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@ -164,6 +164,7 @@ status_t flatten_binder(const sp<ProcessState>& /*proc*/,
            }
            const int32_t handle = proxy ? proxy->handle() : 0;
            obj.type = BINDER_TYPE_HANDLE;
+            obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */
            obj.handle = handle;
            obj.cookie = 0;
        } else {
@ -197,6 +198,7 @@ status_t flatten_binder(const sp<ProcessState>& /*proc*/,
                }
                const int32_t handle = proxy ? proxy->handle() : 0;
                obj.type = BINDER_TYPE_WEAK_HANDLE;
+                obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */
                obj.handle = handle;
                obj.cookie = 0;
            } else {
@ -748,6 +750,7 @@ status_t Parcel::writeFileDescriptor(int fd, bool takeOwnership)
    flat_binder_object obj;
    obj.type = BINDER_TYPE_FD;
    obj.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;
+    obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */
    obj.handle = fd;
    obj.cookie = takeOwnership ? 1 : 0;
    return writeObject(obj, true);