Parcel: free objects before realloc

Otherwise this would try to free the objects which have been written over in mData. Bug: 328177618 Test: with fuzzer Change-Id: I8929d11e3c1c193a1c36e95371b5e96e24d47ece
author: Steven Moreland <smoreland@google.com> 2024-03-05 09:10:02 +0000
committer: Steven Moreland <smoreland@google.com> 2024-03-05 09:10:02 +0000
commit: c6b0dfa3358a152c9bfd1fc479753c6ba32b78eb (patch)
tree: 7ff407683c1dbca9443451cc019d95caaa7d9ccf
parent: 52f0fc4df9998505718c1f89dba99aa6893d6709 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index c1770b35d1..4d1463ca09 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -2930,14 +2930,14 @@ status_t Parcel::restartWrite(size_t desired)
         return continueWrite(desired);
     }
 
+    releaseObjects();
+
     uint8_t* data = reallocZeroFree(mData, mDataCapacity, desired, mDeallocZero);
     if (!data && desired > mDataCapacity) {
         mError = NO_MEMORY;
         return NO_MEMORY;
     }
 
-    releaseObjects();
-
     if (data || desired == 0) {
         LOG_ALLOC("Parcel %p: restart from %zu to %zu capacity", this, mDataCapacity, desired);
         if (mDataCapacity > desired) {
author	Steven Moreland <smoreland@google.com>	2024-03-05 09:10:02 +0000
committer	Steven Moreland <smoreland@google.com>	2024-03-05 09:10:02 +0000
commit	c6b0dfa3358a152c9bfd1fc479753c6ba32b78eb (patch)
tree	7ff407683c1dbca9443451cc019d95caaa7d9ccf
parent	52f0fc4df9998505718c1f89dba99aa6893d6709 (diff)