ADHOC/replicant-frameworks_native
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Disregard alleged binder entities beyond parcel bounds

Browse Source 
When appending one parcel's contents to another, ignore binder
objects within the source Parcel that appear to lie beyond the
formal bounds of that Parcel's data buffer.

Bug 17312693

Change-Id: If592a260f3fcd9a56fc160e7feb2c8b44c73f514
(cherry picked from commit 27182be9f2)
This commit is contained in:
Christopher Tate 2015-05-27 17:53:02 -07:00 committed by Christopher Hocutt
parent 4ff0cb4404
commit bb686c25b2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libs/binder/Parcel.cpp
View File

@ -384,7 +384,7 @@ status_t Parcel::appendFrom(const Parcel *parcel, size_t offset, size_t len)
// Count objects in range
for (int i = 0; i < (int) size; i++) {
size_t off = objects[i];
if ((off >= offset) && (off < offset + len)) {
if ((off >= offset) && (off + sizeof(flat_binder_object) <= offset + len)) {
if (firstIndex == -1) {
firstIndex = i;
}