Verify that the native handle was created

The inputs to native_handle_create can cause an overflowed allocation, so check the return value of native_handle_create before accessing the memory it returns. Bug:19334482 Change-Id: I1f489382776c2a1390793a79dc27ea17baa9b2a2
2015-05-12 17:35:48 -07:00 · 2015-05-12 17:35:48 -07:00 · eaac99a717
commit eaac99a717
parent be451b57b9
1 changed files with 4 additions and 0 deletions
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@ -1347,6 +1347,10 @@ native_handle* Parcel::readNativeHandle() const
    if (err != NO_ERROR) return 0;

    native_handle* h = native_handle_create(numFds, numInts);
+    if (!h) {
+        return 0;
+    }
+
    for (int i=0 ; err==NO_ERROR && i<numFds ; i++) {
        h->data[i] = dup(readFileDescriptor());
        if (h->data[i] < 0) err = BAD_VALUE;