author Dan Austin <danielaustin@google.com> 2015-09-10 22:06:23 +0000
committer Android Git Automerger <android-git-automerger@android.com> 2015-09-10 22:06:23 +0000
commitf0f131f36b5ce2a25992576aa75e7c08654e5a8d (patch)
treee57d2caebcc9f06986800f0429d71f273a391870 /libs/binder/Parcel.cpp
parent6d59e98bb19d2d63fc3b3761e51fda2948976c03 (diff)
parent6c8c8138434d2381a78407e9876121d3bcef55a7 (diff)
am 6c8c8138: Merge "Benign unsigned integer overflow in Parcel"
* commit '6c8c8138434d2381a78407e9876121d3bcef55a7': Benign unsigned integer overflow in Parcel
Diffstat (limited to 'libs/binder/Parcel.cpp')
-rw-r--r--libs/binder/Parcel.cpp11
1 files changed, 9 insertions, 2 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 7a4ddc43a5..45191f5bd9 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -1645,8 +1645,14 @@ void Parcel::freeDataNoInit()
if (mData) {
LOG_ALLOC("Parcel %p: freeing with %zu capacity", this, mDataCapacity);
pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
- gParcelGlobalAllocSize -= mDataCapacity;
- gParcelGlobalAllocCount--;
+ if (mDataCapacity <= gParcelGlobalAllocSize) {
+ gParcelGlobalAllocSize = gParcelGlobalAllocSize - mDataCapacity;
+ } else {
+ gParcelGlobalAllocSize = 0;
+ }
+ if (gParcelGlobalAllocCount > 0) {
+ gParcelGlobalAllocCount--;
+ }
pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
free(mData);
}
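Review bot: The two clamps in freeDataNoInit hide an accounting imbalance instead of reporting it. If `mDataCapacity > gParcelGlobalAllocSize`, or the count is already 0, some allocation path did not record this buffer, and after the clamp the globals stay skewed with no trace of where it happened. I would log in both fallback paths, for example `LOG_ALLOC("Parcel %p: global alloc size underflow, capacity %zu", this, mDataCapacity);` in the `else` branch and a matching line for the count. I would also add a short comment above the first `if`, such as `// Saturate at zero: these are diagnostic counters and must not wrap.`. The function starts and ends outside this hunk, so whether other code relies on these counters being exact cannot be judged from here.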
@@ -1825,6 +1831,7 @@ status_t Parcel::continueWrite(size_t desired)
pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
gParcelGlobalAllocSize += desired;
gParcelGlobalAllocSize -= mDataCapacity;
+ gParcelGlobalAllocCount++;
pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
mData = data;
mDataCapacity = desired;
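Review bot: The line `gParcelGlobalAllocSize -= mDataCapacity;` directly above the added increment is the same unsigned subtraction that freeDataNoInit now guards, yet it is left unguarded here. If the old `mDataCapacity` was never added to the global size on this path, `gParcelGlobalAllocSize + desired` can be smaller than `mDataCapacity` and the counter wraps. Either reuse the saturating form, `gParcelGlobalAllocSize = (mDataCapacity <= gParcelGlobalAllocSize) ? gParcelGlobalAllocSize - mDataCapacity : 0;`, or add a comment stating why the old capacity is known to be accounted for. The new `gParcelGlobalAllocCount++` also deserves a one-line comment saying which buffer it counts, since no matching decrement for the previous buffer is visible. The rest of continueWrite lies outside the hunk, so the branch this code sits in is inferred rather than seen.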