author Steven Moreland <smoreland@google.com> 2024-10-23 23:14:45 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2024-10-23 23:14:45 +0000
commitd4e070dd5afa406d8eae30c5ec07c9c99f41f825 (patch)
tree1463e954b0b06b74ba226def537220026374ed3b
parent7f04847a19be4a9297bd2c002774033542cff13a (diff)
parent5312555400b9000c26da0b1cbd0aadf788ef65cf (diff)
libbinder: Parcel: grow rejects large data pos am: 0db4fced4d am: 788803b5d5 am: 009229d905 am: abfcdc866f am: e95795fd32 am: 9180d6f852 am: 5312555400
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/29918554 Change-Id: Iaea4cc5a66bc3e7629bda038ba16560a7cce0bdb Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--libs/binder/Parcel.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 15dad8e521..fececf894f 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -2775,6 +2775,14 @@ status_t Parcel::growData(size_t len)
return BAD_VALUE;
}
+ if (mDataPos > mDataSize) {
+ // b/370831157 - this case used to abort. We also don't expect mDataPos < mDataSize, but
+ // this would only waste a bit of memory, so it's okay.
+ ALOGE("growData only expected at the end of a Parcel. pos: %zu, size: %zu, capacity: %zu",
+ mDataPos, len, mDataCapacity);
+ return BAD_VALUE;
+ }
+
if (len > SIZE_MAX - mDataSize) return NO_MEMORY; // overflow
if (mDataSize + len > SIZE_MAX / 3) return NO_MEMORY; // overflow
size_t newSize = ((mDataSize+len)*3)/2;
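Review bot: The ALOGE call in the new `mDataPos > mDataSize` branch prints `len` under the label "size:", so the logged line never shows `mDataSize`, which is the value the guard compares against. Anyone triaging a rejected Parcel from logs would see a pos/size pair that does not explain why the check fired. I would pass the compared field and give the requested growth its own label: `"... pos: %zu, size: %zu, len: %zu, capacity: %zu", mDataPos, mDataSize, len, mDataCapacity`. The comment could also say in one sentence why a position past the end of the data must be rejected here rather than only citing the bug number. growData's body starts and ends outside this hunk, so how the caller handles the new BAD_VALUE return is not visible here.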