Disregard alleged binder entities beyond parcel bounds
When appending one parcel's contents to another, ignore binder
objects within the source Parcel that appear to lie beyond the
formal bounds of that Parcel's data buffer.
Bug 17312693
Change-Id: If592a260f3fcd9a56fc160e7feb2c8b44c73f514
(cherry picked from commit 27182be9f2
)
This commit is contained in:
parent
861c3f5615
commit
1b8a2f82fe
@ -390,7 +390,7 @@ status_t Parcel::appendFrom(const Parcel *parcel, size_t offset, size_t len)
|
|||||||
// Count objects in range
|
// Count objects in range
|
||||||
for (int i = 0; i < (int) size; i++) {
|
for (int i = 0; i < (int) size; i++) {
|
||||||
size_t off = objects[i];
|
size_t off = objects[i];
|
||||||
if ((off >= offset) && (off < offset + len)) {
|
if ((off >= offset) && (off + sizeof(flat_binder_object) <= offset + len)) {
|
||||||
if (firstIndex == -1) {
|
if (firstIndex == -1) {
|
||||||
firstIndex = i;
|
firstIndex = i;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user