b6b1423c87
It's a security best practice for size_t values to be rejected if they are greater than INT32_SIZE. This is intended to prevent the common error of inadvertently passing a negative int value to a function, which after conversion to an unsigned type, becomes a huge number, defeating the purpose of bounds checking. This patch also addresses a bug where the call to: Parcel::write(buf, (size_t) -1); would call writeInPlace() which uses PAD_SIZE on the supplied argument. This would then cause an integer overflow, with PAD_SIZE returning a small value, but the memcpy in Parcel::write using the old large length value. Bug: 19573085 Change-Id: Ib11bfb3dae4f3be91cd17b2c676926700972c7b8 |
||
|---|---|---|
| .. | ||
| binder | ||
| diskusage | ||
| gui | ||
| input | ||
| ui | ||