diff options
| author | 2021-10-21 10:13:15 +0000 | |
|---|---|---|
| committer | 2021-10-21 10:13:15 +0000 | |
| commit | bc584178dacac2afb131e8a3b0de994c0643dc6d (patch) | |
| tree | fd2e7028a96f4b481eb6990783f02f537bbf1401 /libs/binder/Parcel.cpp | |
| parent | fe441bf63eb248a60c55ec8a8f2eb785dbd3b823 (diff) | |
| parent | bbbd88da9df06775cff60c7809239f17071c7e66 (diff) | |
Merge "Fix offset check in Parcel::hasFileDescriptorsInRange()"
Diffstat (limited to 'libs/binder/Parcel.cpp')
| -rw-r--r-- | libs/binder/Parcel.cpp | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp index 805e5768bc..181f4051b7 100644 --- a/libs/binder/Parcel.cpp +++ b/libs/binder/Parcel.cpp @@ -548,21 +548,17 @@ bool Parcel::hasFileDescriptors() const return mHasFds; } -status_t Parcel::hasFileDescriptorsInRange(size_t offset, size_t len, bool& result) const { +status_t Parcel::hasFileDescriptorsInRange(size_t offset, size_t len, bool* result) const { if (len > INT32_MAX || offset > INT32_MAX) { // Don't accept size_t values which may have come from an inadvertent conversion from a // negative int. return BAD_VALUE; } - size_t limit = offset + len; - if (offset > mDataSize || len > mDataSize || limit > mDataSize || offset > limit) { + size_t limit; + if (__builtin_add_overflow(offset, len, &limit) || limit > mDataSize) { return BAD_VALUE; } - result = hasFileDescriptorsInRangeUnchecked(offset, len); - return NO_ERROR; -} - -bool Parcel::hasFileDescriptorsInRangeUnchecked(size_t offset, size_t len) const { + *result = false; for (size_t i = 0; i < mObjectsSize; i++) { size_t pos = mObjects[i]; if (pos < offset) continue; @@ -572,10 +568,11 @@ bool Parcel::hasFileDescriptorsInRangeUnchecked(size_t offset, size_t len) const } const flat_binder_object* flat = reinterpret_cast<const flat_binder_object*>(mData + pos); if (flat->hdr.type == BINDER_TYPE_FD) { - return true; + *result = true; + break; } } - return false; + return NO_ERROR; } void Parcel::markSensitive() const @@ -2568,9 +2565,9 @@ void Parcel::initState() } } -void Parcel::scanForFds() const -{ - mHasFds = hasFileDescriptorsInRangeUnchecked(0, dataSize()); +void Parcel::scanForFds() const { + status_t status = hasFileDescriptorsInRange(0, dataSize(), &mHasFds); + ALOGE_IF(status != NO_ERROR, "Error %d calling hasFileDescriptorsInRange()", status); mFdsKnown = true; } |