ADHOC/replicant-frameworks_native
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Disregard alleged binder entities beyond parcel bounds

Browse Source 
When appending one parcel's contents to another, ignore binder
objects within the source Parcel that appear to lie beyond the
formal bounds of that Parcel's data buffer.

Bug 17312693

Change-Id: If592a260f3fcd9a56fc160e7feb2c8b44c73f514
This commit is contained in:
Christopher Tate 2015-05-27 17:53:02 -07:00
parent 7fc3ef0eb0
commit 27182be9f2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libs/binder/Parcel.cpp
View File

@ -451,7 +451,7 @@ status_t Parcel::appendFrom(const Parcel *parcel, size_t offset, size_t len)
// Count objects in range // Count objects in range
for (int i = 0; i < (int) size; i++) { for (int i = 0; i < (int) size; i++) {
size_t off = objects[i]; size_t off = objects[i];
if ((off >= offset) && (off < offset + len)) { if ((off >= offset) && (off + sizeof(flat_binder_object) <= offset + len)) {
if (firstIndex == -1) { if (firstIndex == -1) {
firstIndex = i; firstIndex = i;
} }