-rw-r--r--core/jni/android_os_Parcel.cpp11
-rw-r--r--core/jni/android_util_Binder.cpp6
2 files changed, 16 insertions, 1 deletions
diff --git a/core/jni/android_os_Parcel.cpp b/core/jni/android_os_Parcel.cpp
index bb4ab39a59d1..1f64df49cb56 100644
--- a/core/jni/android_os_Parcel.cpp
+++ b/core/jni/android_os_Parcel.cpp
@@ -101,9 +101,18 @@ static void android_os_Parcel_markSensitive(jlong nativePtr)
static void android_os_Parcel_markForBinder(JNIEnv* env, jclass clazz, jlong nativePtr,
jobject binder)
{
+ LOG_ALWAYS_FATAL_IF(binder == nullptr, "Null binder specified for markForBinder");
+
Parcel* parcel = reinterpret_cast<Parcel*>(nativePtr);
if (parcel) {
- parcel->markForBinder(ibinderForJavaObject(env, binder));
+ sp<IBinder> nBinder = ibinderForJavaObject(env, binder);
+
+ if (nBinder == nullptr) {
+ ALOGE("Native binder in markForBinder is null for non-null jobject");
+ return;
+ }
+
+ parcel->markForBinder(nBinder);
}
}
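Review bot: The `nBinder == nullptr` branch only logs and returns, so the Java caller of markForBinder gets no signal that the parcel was left unmarked and will go on to use it as if the call had succeeded. That is also inconsistent with the null-jobject case at the top of the function, which is treated as fatal. If this JNI method is allowed to throw (not visible from the hunk), consider raising instead of returning silently, e.g. `jniThrowException(env, "java/lang/IllegalStateException", "markForBinder: no native binder for object");` before the `return;`. At minimum, add a comment on the branch saying why continuing with an unmarked parcel is acceptable.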
diff --git a/core/jni/android_util_Binder.cpp b/core/jni/android_util_Binder.cpp
index f28e2f636dac..9f88f3369ae8 100644
--- a/core/jni/android_util_Binder.cpp
+++ b/core/jni/android_util_Binder.cpp
@@ -798,6 +798,12 @@ sp<IBinder> ibinderForJavaObject(JNIEnv* env, jobject obj)
if (env->IsInstanceOf(obj, gBinderOffsets.mClass)) {
JavaBBinderHolder* jbh = (JavaBBinderHolder*)
env->GetLongField(obj, gBinderOffsets.mObject);
+
+ if (jbh == nullptr) {
+ ALOGE("JavaBBinderHolder null on binder");
+ return nullptr;
+ }
+
return jbh->get(env, obj);
}
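Review bot: Returning nullptr when `jbh` is null means ibinderForJavaObject can now yield a null `sp<IBinder>` for a non-null Binder instance, where it previously dereferenced the holder. Every caller has to tolerate that, and only android_os_Parcel_markForBinder is updated in this commit. Callers outside the view should be checked for a null test on the result before they use or forward it. The check would also benefit from a comment stating when the holder field can be zero, e.g. `// mObject is 0 if the Java Binder has no native holder (never initialised or already destroyed) — TODO confirm`. The function body starts and ends outside the hunk.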